The Information-technology Promotion Agency (IPA) issued information security alerts for the 2025 summer vacation period.
This alert published by the IPA Security Center on August 1, 2025, aims to prevent response delays and damage expansion when security incidents occur in different situations than usual, such as long-term absence of system administrators during summer vacation when many people take extended holidays.
Security Measures by Target Users
Information security measures during extended holidays are compiled for three target users: (1) individual users, (2) enterprise and organizational users, and (3) enterprise and organizational administrators. Additionally, information security measures that should be implemented daily regardless of extended holidays are published, with reference ranges for each target user clearly indicated.
Strengthened Measures Against Network Penetration Attacks
Enterprises and organizations are particularly emphasized to pay attention to network penetration attacks that exploit vulnerabilities in internet-connected devices and equipment. Since August 2023, IPA has continuously issued alerts regarding this type of attack, pointing out risks including information leakage, tampering, ransomware infection, and becoming Operational Relay Boxes (ORB) as unauthorized communication relay points when attacked.
Countermeasures include understanding system configurations and internet connection points, vulnerability measures and daily log monitoring as cybersecurity measures, and emphasizing the importance of crisis management systems including Business Continuity Planning (BCP) and Business Continuity Management (BCM) that encompass non-cyber risks. Reference to the "ASM (Attack Surface Management) Introduction Guidance" published by the Ministry of Economy, Trade and Industry in May 2023 for organizational IT asset management is also recommended.
Consultation Services and Support Systems
IPA has established comprehensive cybersecurity consultation services for enterprises and organizations, encouraging utilization when security incidents occur. Additionally, participation in "cyber situational awareness" activities through information provision when recognizing suspicious communications or emails is requested.
Furthermore, home and SOHO router security measures are mentioned, with reference materials such as router selection points introduced in IPA NEWS Vol. 70 (January 2025 issue) also provided.
The article concludes the importance of each entity implementing appropriate preliminary measures to minimize security risks during extended holidays and avoid impacts on business continuity after holidays.