See the event page for details and registration. ■ Rising ransomware damage and the growing “attack surface” targeted by diverse attacks As digital technologies spread rapidly, many companies and organizations now conduct a wide range of business activities on digital infrastructure. While the use of the internet and cloud services, the increase in IoT devices, and the adoption of big data and AI continue to advance, malicious actors launch cyberattacks every day by targeting vulnerabilities in these environments. In particular, the range of targets exposed to cyberattacks, known as the “attack surface,” continues to expand. ■ How do attackers target vulnerabilities? Damage from ransomware attacks has increased sharply in recent years. According to a survey by Japan’s National Police Agency Cyber Police Bureau, more than 80% of infection routes among companies and organizations hit by ransomware involved “intrusion through VPN or remote desktop equipment.” Many attackers first examine publicly available information and data obtainable from externally exposed IT assets accessible from the internet, then consider potential targets and attack methods. Externally exposed IT assets include websites and servers launched by business departments, cloud services used by employees for work, and other assets that information systems teams may not fully understand or manage. Unidentified assets are often left with insufficient security measures, increasing the risk that they will be targeted as entry points for cyberattacks. ■ How should organizations understand externally exposed IT assets, including those of subsidiaries and group companies? To protect an organization from such cyberattacks, it is important to build a mechanism that identifies externally exposed IT assets and continuously evaluates, on a regular basis, whether they expose weaknesses. However, companies with subsidiaries or group companies may fail to inventory externally exposed IT assets or may be unable to