Mitsui began using Security Copilot to streamline operations of the zero-trust security system protecting its network

Mitsui Group’s cybersecurity operations support its varied businesses worldwide

Mitsui & Co. has 125 offices in 61 countries (as of January 2024) and wide-ranging business interests in areas such as metal and energy resources, distribution, ICT, and regenerative agriculture. The company is promoting digital transformation (DX) in each of those domains, with its 491 Group companies and divisions pursuing numerous DX projects.

Mitsui’s DX Comprehensive Strategy has a dual focus. The “DX Business Strategy” focuses on the end user, exploiting digital tools to enable proactive business management. The “Data-Driven (DD) Management Strategy,” meanwhile, facilitates speedy yet accurate data-based decision making.

This ensures that business IT, corporate IT, and cybersecurity all function smoothly through integration of “Offensive DX (DX Business Strategy),” which incorporates new businesses and existing revenues, and “Defensive DX (DD Management Strategy),” which seeks to reduce existing costs through data-driven, radically increased productivity.

Shingo Fujita, General Manager of the Digital Security & Infrastructure Department overseeing network and cybersecurity issues for Mitsui’s Integrated Digital Strategy Division, offers these insights.

“Mitsui has wide-ranging business interests across the globe. This means that the company has actual offices at which valuable information is acquired. Our DX Comprehensive Strategy uses digital tools to help generate new value from these important sites.”

Mitsui’s cybersecurity initiatives supporting corporate DX promotion were recognized with a Special Award at the Cyber Index Awards 2023 sponsored by Nikkei, Inc. Fujita states, “We view this as a significant award highlighting the achievements of our Integrated Digital Strategy Division.”

“The Mitsui Group’s cybersecurity countermeasures must conform to laws and business practices differing by country and region, and to rules varying across business domains.  We also understand that an additional factor in the evaluation was the global scale of our strategy.”

Mitsui’s cybersecurity strategy centers on three concepts : Prevention, training, and management

Prevention refers to cyber-hygiene (IT hygiene management), implying identification of IT assets and contracted solutions with thorough follow-through of endpoint management.

Training suggests implementation of zero-trust security through exploitation of solutions such as Microsoft 365 E5. It also embraces security environments developed to handle new working styles such as those implemented during COVID-19.

Management, the third concept, involves creation of a Computer Security Incident Response Team (CSIRT) through coordination among the Integrated Digital Strategy, Corporate Communication Division, and Legal Divisions, along with the PMS office which oversees personal information. This enables risk management through nimble and appropriate information sharing appropriate for each incident level. The company is also establishing rules for a cyber-Business Continuity Plan (cyber-BCP) enabling swift business recovery during system disruptions.

However, even a cybersecurity structure such as the one developed by Mitsui faces challenges. One such issue is the lack of security specialists. With a shortage of personnel, Mitsui is focused on generative AI in its security operations to deliver a more efficient response to the continued rise in cyberattacks. Thus, as soon as Microsoft announced its Microsoft Security Copilot EAP in March 2024, Mitsui immediately decided to participate.

Lack of security specialists and increasing operational burdens

Youhei Hayata of the Digital Security & Infrastructure Department in Mitsui’s Integrated Digital Strategy Division explains why the company focused on Security Copilot. “We aimed at strengthening the efficiency of our Security Operation Center (SOC) while lessening reliance on high-skilled personnel in our security operations management."

“Many companies are facing an overall lack of security specialists, and we are no different. The threat of targeted attack emails is strengthening; we have seen a three- to fourfold increase in such incidents in comparison with fiscal 2021. Our Group companies can now report business fraud or phishing emails to the SOC using a button directly added to Outlook, but the sheer volume of these threats makes response difficult. We hoped that generative AI technology used in resources such as Security Copilot would help enhance our business efficiency.”

The Digital Security & Infrastructure Department has eight members in addition to its General Manager. It outsources SOC and related operations to Mitsui Bussan Secure Directions, Inc. (MBSD), a Group company. “MBSD employs highly skilled talent, but the personnel shortage remains a shared challenge,” says Satsuki Araki, Senior Consultant for the DX Security Promotion Group in the Digital Security Promotions Department of the MSBD Consulting Services Division.

“The shortage of security personnel, especially the most highly skilled, is one of the key challenges we face. We focused on generative AI as one option, making our participation in the Security Copilot EAP critical.”

Handling a massive volume of alerts

Hayata and Araki both sense great potential in Security Copilot in streamlining entry-level tasks, among other options. Araki offers one example, commenting on responding to alerts issued by Microsoft Sentinel during routine full network monitoring.

“A detected security breach can result in release of too many alerts. Grasping the overall picture—of what is happening, and where, and how the phenomena are linked—can take time. Security Copilot can analyze alerts individually to provide a clearer understanding of that overall picture. This has helped devise countermeasures and has shortened initial response time. AI never suffers exhaustion, so can sustain alert analysis regardless of the number of alerts. We are grateful to be freed from this burdensome task.”

Araki also expects that, “Security Copilot will lead to overall work efficiency and stress reduction. There are clear response procedures, such as which log to reference during incident outbreaks. As we’re all human, it can be difficult to remember things during emergencies, such as which columns are contained in which tables, and what searches to conduct. We can rely on Security Copilot to show us where the relevant log is located, relieving psychological stress. It is also extremely helpful to ask questions and receive answers in Japanese. One other point is that threads generated with Security Copilot remain intact, eliminating the need for follow-up reports and briefings during task handovers, which greatly helps worksite staff.”

Aiding sensitive internal fraud investigations

Hayata and his colleagues also highlight contributions made during internal fraud investigations. Information leaks typically stem from external attacks or internal fraud. The former remain the greater threat, but cases of internal fraud are increasingly evident as both job mobility and competition for technological information between nations have increased in recent years.

When internal fraud is suspected, “Security Copilot in Purview comes in handy, providing the essential information required by the situation,” Hayata explains.

“For example, if there is suspicion of fraud in a particular company, examination of information contained in emails, chats, OneDrive for Business, and internet access logs will be used in the investigation, which is conducted by specialists outside IT related organization. The employee’s superior determines whether the employee’s behavior fell within normal business parameters, while the compliance division determines whether such behavior was fraudulent. Both the superior and the compliance officer can utilize Security Copilot in Purview to help ease their investigation.”

Of course, there is still the issue of the degree to which generative AI should be privy to data. Hayata points out that incorporating Microsoft Purview into overall data asset protection and management reduces the risk of compromising confidentiality.

“Using Microsoft Purview to affix sensitivity labels such as “public,” “internal only,” and “confidential” allows you to exercise access restrictions. For example, even if Copilot gains access to “confidential” data, you can maintain peace of mind by knowing you have protected that data by limiting user access.”

Anticipating the rapidly evolving Security Copilot

What astonished Hayata and his colleagues more than anything else about Security Copilot was its evolutionary speed for functionality improvements.

“Security Copilot’s features evolved rapidly during the EAP period with the addition of new plug-ins such as Microsoft Purview and Microsoft Entra ID, among other examples. That enhanced compatibility with the Mitsui zero-trust security environment, affording greater peace of mind. These improved features will enable us to entrust maximum detection and accurate reporting of high-level incidents easily missed by human monitoring. What we call “knowledge” can be increased through expanded use of plug-ins, while response accuracy can be enhanced with improvements in generative AI,” Hayata explains.

Araki adds that, “Output in response to Japanese-language inquiries gained accuracy during the EAP period. If functional improvements continue at this pace, it will not only aid entry-level tasks, but also support highly skilled employees.”

Generative AI is evolving with astonishing speed. Hayata points out, “Those of us brainstorming measures to address the talent shortage have high expectations. It would be ideal if employees with no IT expertise or inexperienced security personnel could use Security Copilot to generate the same output level as skilled security resources. That would enable a broader range of hiring options for security talent. I look forward to continued introduction of improved features once Security Copilot is officially adopted.”

Fujita provided us with the final word. “Cybersecurity is a sensitive area with ever-changing components. Incident responses must be swift with no room for error. Flexible technology such as generative AI, rather than a standardized solution, is needed for ongoing response to such high-level requirements. We believe that Microsoft will continue to deliver technologies that meet our expectations.”