LAC has a strong history of prioritizing cybersecurity and adapting to technological shifts, aiming to protect society from cyber threats and contribute to the growth of a prosperous digital era.
If we could start by having you introduce your company to us. What kind of firm is LAC? What are your main strengths and core competencies that allow you to stand out among your competition and what are some of the key milestones that have come to define your business throughout the years?
The utilization of digital and cloud services has been penetrating recently but the company’s business structure hasn’t changed. However, with the recent advent of generative AI we are seeing disruptive innovation and Japan is, in principle, free of machine learning under copyright laws. For that reason, Japan is considered a very advantageous market for generative AI to test in, and this, in my opinion, is presenting a good opportunity to advance technology as well as reconstruct the industrial structure.
Many foreigners have questioned why we have shrines and temples in Japan. Shinto is the traditional belief system here and it actually translates to “way of the gods.” From the continent, Buddhist culture made its way to Japan and at that time Emperor Shotoku Taishi, an early Japanese imperial family member decided to welcome ideas from overseas and merge them together with ideas that already existed in Japan. Harmony was the goal and it really speaks to the basis of Japanese culture ever since. We pride ourselves as people on welcoming things that are new, and while at times we may not agree, we must try to harmonize.
This can be exemplified in the past when during the Edo period the days of samurais ended and the shift during the Meiji period moved towards welcoming Western philosophy. People who lived during that time had to adapt to new cultures, and nowhere was this more symbolically shown than when the samurai cut off their special hairstyle "Chon-Mage" in order to fit into the new times. In Japanese, we have a term known as kurofune, which means black ships and was used to denote Western vessels arriving in Japan during the late 19th century, which was then closed to the rest of the world and demanded the opening of the country. When you move forward in time you have WWII and the arrival of General Douglas MacArthur, the Supreme Commander of the Allied Forces, who was colloquially known as Black Ship MacArthur, carrying the same amount of revolutionary change as those ships 100 years ago. During that time the US and England were considered sworn enemies, but by the end of the war, Japanese people were willing to shake hands with past enemies of Japan. This adaptability or flexibility to change with the times has been basically the essence of Japanese culture and people for hundreds of years now. Likewise, with AI, which is at the center of the current discussion, we believe that Japanese people are willing to accept new technologies to leverage these qualities to utilize new and emerging technologies.
Now I will tell you about my company. We were established in 1986 and our security business began in 1995. We began as a penetration test business to investigate vulnerabilities, and nobody in Japan at this time was keen in this field. Thinking back to that time many wondered why even try to make a business out of this field. It took 10 years before the security business started making a profit, in 2005 finally. The founder and president of our company developed this security business, but as I just mentioned, it didn’t bear fruit for 10 years, which is an exceptionally long amount of time for any company to go before making a profit. However, his mindset was that cybersecurity would protect the country and what he was doing was critical to the day-to-day operations of Japan as a whole.
As a private company, we need to consider profit, but besides that, believe that our core company mission is to provide cybersecurity to protect the nation. However, that penetration test business we began with is on-the-spot based, and while it did make money, we felt that it didn’t happen often enough for us to continue, basically, the business just wasn’t stable enough. That is why we established JSOC, the Japan Security Operation Center, which started generating a profit back in 2005. That allowed us to lay a sturdy foundation for cybersecurity field.
When we established JSOC our internal development teams were willing to create the SOC system, however, the founding president said that he would rather purchase it, so that is why we imported the technology from a US company. An interesting note is that I actually started my cybersecurity career as an engineer on this internal team. We worked with a trading firm and encountered a company called Riptech which was headed by Amit Yoran, a former National Cyber Security Division director within the United States Department of Homeland Security during the tenure of former President George W Bush. Riptech was bought out by Symantec which is now known as Gen Digital. It was through this firm that we were able to expedite the establishment of JSOC. The direction of Symantec and ourselves was different, so we developed our own SOC operation system, "LAC FALCON," which is the foundation of our SOC business today.
The cutting edge of cybersecurity isn’t the research centers but the actual sites themselves, because bad people conduct their business onsite. Through JSOC we work with many companies that are experiencing cybersecurity issues, and from those cases, we are able to gather data and learn from it. Another uniqueness stemming from this is that we provide a Incident Response 119 service, or in the US I believe it is 911. Basically an emergency call regarding cybersecurity issue. Annually we receive around 500 calls from this service and respond to clients.
Education and training are important to us and we often consult with firms using our accumulated knowledge and information. We have accumulated data over many decades now on what is happening at sites. and with this data, we are able to generate the threat intelligence JLIST as well as a JSIG which is a digital signature. We can then analyze what kinds of attacks might come and what kind of measures we can put on networks. From that, we then provide software as a solution.
This is a brief overview of our company, but I would also like to point out that we do have a research institute also that is researching threat intelligence. We gather and share information on this topic with related parties, and we are also working together with the government on training and educating young engineers. The goal is to uplift the level of cybersecurity in Japan.
You mentioned there the Meiji restoration and the post-war period with General Douglas MacArthur coming to Japan as ways to explain the adaptability of the Japanese character. We are very interested to hear how you feel this relates to the Japanese character of today. LAC has been a pioneer in Japanese cybersecurity and you had a good niche carved out for yourselves, however, in recent years, you’ve seen many foreign players enter the market with a lot of capital. How are you reacting to these new players? Are you looking more to compete with them or to collaborate with them?
Basically, we will be shaking hands with those overseas firms. It is important for domestic companies to take care of domestic cybersecurity but at the same time, with global economic security, it is so important for Japanese firms to collaborate and create alliances. With some of these foreign firms, there is a wealth of knowledge in regard to global cybersecurity, so I feel it is beneficial to collaborate in areas that we can so that we can continue to develop our strengths. I feel that it is also an advantage for overseas companies to work with us so that they may also benefit.
One of the strengths you alluded to was your ability to really understand your clients. It is our view that it is a very exciting time for Japanese companies given the rampant supply chain disruptions in China during the COVID-19 pandemic, which has led to many multinational firms wanting to diversify their supply chains. On top of that, a weak JPY has made Japan a very cost-competitive location, so we are seeing many Japanese companies starting to outsource their manufacturing activities or put a greater emphasis on the overseas market. How can you apply this core strength of understanding your clients when they operate overseas, and how can you continue to support them and their security needs both inside and outside of Japan?
Our main business section is for penetration tests, and that is done across the globe. We also provide training, and JSOC is our main operation monitoring center. Additionally, we provide PSOC, which stands for Private Security Operations Center, and this is a system for private enterprises. This is useful, an example might be a Japanese manufacturer that has an overseas base with a wide group network. We can provide security that encompasses both Japan and overseas.
From the eyes of the West, Japan is a nation that is slow with DX, ranking 29th on a recent digital competitiveness poll. However, there are those that believe this is a misperception. How do you rate Japan’s digitalization effort? Do you believe that it is a misperception that Japan is slow with digital transformations?
Japanese industry really doesn’t change unless we have a threat such as Black Ship or MacArthur coming. Revolution does not happen unless there is a significant person or event, basically a triggering point. That is because Japanese industries are very conservative, and there are companies that hold more power and they don’t want to relinquish that power. However, saying that digitalization is more prevalent in B2C businesses because there isn’t such a complicated power balance. B2B and government have these complicated power balances, and thus there is a bottleneck for digitalization. This is what is hindering Japan from changing and adapting to this new, digitalized world. With the creation of a digital agency, I have high hopes, however, from an overseas media perspective the recent Individual Number Card fiasco has made many questions about the decisions of the Japanese government and why they can’t be more accommodating. Unfortunately, the Japanese mindset is that no mistakes should ever be made and everybody should be included. This sense of inclusiveness has made things cumbersome; thus, the country continues to be very slow in adapting to digital tools. Despite this, however, it is my belief that with the adoption of ChatGPT of Generation AI things might change pretty soon. You could say that ChatGPT is the Douglas MacArthur of 2023.
With all of the greater advantages the introduction of these tools offer, they also come with a number of new security risks. This has been a point of hesitation in many respects for the more massive rollout of programs similar to Individual Number Card. What role do you anticipate LAC can play in facilitating a safe transition and calming the worries for these kinds of programs and tools to be able to proliferate in Japanese society?
In Japan digital tools are not used in critical areas yet, however, with the recent introduction of Individual Number Card, it allows you not only to apply your habitant record but also tax information, and is expected to be linked to driver's licenses and bank accounts in the future.. Once this Individual Number Card becomes more widely used you will inevitability see the rise of security issues. With this proliferation, I see an increase in opportunities for our firm to be active in the market. We have accumulated past know-how and experiences so that we are ready to accommodate any and all threats that might appear with the uprising of digitalization.
During our research, we saw that collaboration with smaller firms is playing an equally important role for LAC, and two stood out for us; the first was with Opening Line for file security and the other was a company called Keys which you are working with on a digital padlock solution. Can you tell us the role that collaborating with these small startup businesses is playing for you, and are you interested in collaborating with these types of venture companies from overseas as well?
Yes, we are interested in working together with overseas ventures, especially in countries like Israel that have many new and innovative ventures. We have two different types of collaborations with venture companies. One is a business collaboration where we jointly conduct business. The other way is through CVT or capital venture investment, and this is where we provide capital for companies that we see as future potential collaborators.
In 2018 you first went overseas to establish an office in Singapore. Why did you choose Singapore as a place to outsource work and what is the current focus of your global development strategy?
Singapore has sustained its political stability despite being surrounded by neighbors with tumultuous political environment. The political stability provides predictability and a sense of security for investors and businesses entering Singapore. As a result, LAC Singapore was incorporated in July 2018. And in March 2019, LAC Co., Ltd. and NEC Asia Pacific Pte. Ltd. formed a strategic alliance to promote cybersecurity in the Asia Pacific region. Given Singapore is LAC's first branch office outside of Japan, our primary business focus is to serve overseas Japanese companies in South East Asia, who businesses predominantly are dealt with in English language. LAC Singapore works very much independently from LAC Japan given the language barrier and its solution requirements are very different. Thus, we started our business focusing on; working with/thru' liked minded partners, offer Managed Security Services (MSS), Security Assessment consultancy and Vulnerability Assessment & Penetration Testing, and Training. Our strategy is to start humbly, see what the local players are weak at, and turning those weakness into our strength. Use Singapore as our leap to the rest of Asia. We want to focus in expanding our resources and capabilities in AI Security, discover a unique LAC Cybersecurity service that will keep up and stay ahead of the game.
Imagine that we come back in 3 years' time and have this interview all over again. What goals or dreams would you like to achieve by the time we come back for that new interview?
Our core business is System Integration and cybersecurity, but when customers apply the two to other businesses, there are two aspects, functional and non-functional, and the former is supported by "system development", but the era is moving toward in-house digital system production. An important element of the latter has become cybersecurity. Japanese companies like to focus on the efficiency of the business, so I envision that in the near future with the upcoming demands in cybersecurity, companies will outsource this non-functional role of their business to a third party. We want to be the one chosen as the partner to fulfill this role. With the advent of AI, we also want to diversify out of cybersecurity to provide other comprehensive services. We cannot go into further details but we will say that you should keep your eye out for us to make some exciting moves in the next few years.