Introduction

Hello, this is Kuwahara @Osaka Tech Lab from the SCoE Group of KINTO Technologies (hereinafter referred to as KTC).

SCoE is an abbreviation for Security Center of Excellence, which may not be a familiar term to you yet. At KTC, we restructured our CCoE team into the SCoE Group this past April. To find out more about the SCoE Group, please check our article “SCoE Group: Leading the Evolution of Cloud Security.”

To find out more about the Osaka Tech Lab (KTC’s Kansai base), see “Introducing the Osaka Tech Lab.”

In this blog, we will provide a report on our participation in the 28th Shirahama Symposium on Cybercrime, which was held from July 4th to 6th, 2024.


First of all, for those who are not familiar with the place "Shirahama"

Shirahama refers to a town located in the Nishimuro District of Wakayama Prefecture. It’s a picturesque tourist destination, known for its stunning ocean views, beautiful beaches, and relaxing hot springs. Shirahama is also home to Adventure World, which houses the largest number of pandas in Japan, with four pandas in total.

I imagine that the symposium participants not only deepened their knowledge of cybersecurity but also enjoyed the many attractions of Shirahama.

Symposium Overview

The theme was “How can we address the rapidly changing environment and the increasing complexity of cybercrime?”
Although the event was mainly focused on cybercrime, it also included talks and panel discussions on recent general security threats and emerging topics. Based on the philosophy that "cybersecurity cannot be protected by a single organization," this symposium values ​​horizontal connections between companies, government agencies, educational institutions, and other organizations. As a result, I got to hear a lot of ideas and opinions directly from the source, that you could only be gained by being present at the event.
The daytime session was held at the Wakayama Prefectural Information Exchange Center Big U, while the evening session shifted to Hotel Seamore, located about 8 km away (I won’t delve into the fact that the daytime venue is technically in neighboring Tanabe City rather than Shirahama Town.)

There were numerous interesting talks and presentations at the symposium, but I will highlight two key topics that left a lasting impression on me. For a full program listing, please check out the official website.

Key topic 1: Cross-organizational collaboration

Networking is regarded as extremely important in these symposiums. The greeting address from the symposium organizing committee leader and several speakers emphasized that no single company or organization can effectively counter threats alone. They highlighted the importance of defending against threats in a holistic, surface-level approach rather than a fragmented, point-based one. This highlights the necessity of collaboration that transcends the boundaries of different industries, as well as the public, private, and academic sectors, to address the complexities and diversities of cyberattacks. It is important to have a common understanding that information sharing between companies, collaboration with government agencies and police agencies, and cooperation with educational institutions are key to achieving stronger security measures.
Many police representatives also participated and exchanged views with individuals from private companies. In fact, the first person to invite me to exchange business cards at the symposium was a representative from a police force in a certain prefecture.
It was also emphasized that it is difficult for a company to deal with security incidents on its own, and that it is important for each organization to share their experience and know-how and implement effective security measures.

During the evening's BOF (Birds of a Feather) event, participants with the same concerns from across organizations and industries gathered and engaged in a lively exchange of opinions.

Key topic 2: Generative AI and security

There were several talks that covered the trend of generative AI security. The most impressive one was the talk by Fujitsu Laboratories, who provided the latest trends and practical knowledge on generative AI security.
The presentation by Fujitsu Laboratories emphasized the importance of addressing security in two ways, protecting systems with AI and ensuring the security of AI itself.

• Protect with AI:
  • AI as a Cybersecurity Defense
  • AI to prevent security incidents
    In the field of protection through AI, the existing security coverage is expanding massively as a result of being able to use generative AI as a means of protection. Fujitsu Laboratories introduced their efforts to expand security AI components and create a DevSecOps framework.
• Protecting AI:
  • Threats and attacks against AI
  • Protecting AI from attacks
    In the "Protecting AI" section, the risks posed by generative AI were explained in detail. Specific methods of cyber attacks against generative AI and countermeasure approaches were also mentioned. Attacks against AI, including "stealing information" and "deceiving AI," were introduced with concrete examples.
    The talk was very informative, as it systematically summarized the security aspects that should be considered when building products that utilize generative AI.Brazil For instance, we received useful input for formulating security guidelines for the generative AI development process, as well as examples of guardrails and vulnerability scanners, which will be useful in creating concrete guidelines.

TIPS for those attending next year

Here are some tips for those who will be attending next year.

• Securing tickets: The hot spring symposiums (Dogo, Echigo Yuzawa, Atami, Kyushu), including this Shirahama Symposium, are very popular and have platinum ticket prices. Be sure to check the sales start date and secure your tickets early. I also recommend buying lunch (bento) tickets as well. This is due to the limited number of lunch options available in and around the venue.
• Securing means of transportation: There is a shuttle bus provided by the symposium from Shirahama Station to the venue, but the time is not flexible. It is difficult to get to the venue by public transportation, so you need to be careful about the shuttle bus times. Renting a car is also an option. (I got permission from my company to attend by car, which was really helpful.)
• Choosing your accommodation: Considering the shuttle bus, it is convenient to choose a place to stay close to the venue (hotel) for the night. The area around the venue for the night is a hot spring resort, so there are many accommodations.
• Networking: It is advisable to bring plenty of business cards. This is a networking-oriented symposium, so the more you interact with others, the more you'll gain.

Summary

In cybersecurity, connections across organizations and industries are important. The “straight from the horse’s mouth” ideas, opinions, etc. that you can only get to hear by actually being there are truly invaluable. I am very grateful to the organizing committee members, speakers, sponsors, and all other participants for making the symposium so worthwhile.

Next year, how about immersing yourselves in cybersecurity while admiring the beautiful Shirahama sunset as well?

Finally

The SCoE Group I belong to is seeking new team members to join us. We welcome both those with practical experience in cloud security and those who are interested but have no experience. Please feel free to contact us.

For additional details, please check here.