Tokyo FinTech
Published in

Tokyo FinTech

Delta Wall V — Cybersecurity Exercise for the Japanese Financial Sector

Photo by Markus Spiske on Unsplash

Cybersecurity in the Financial Sector

  • Incidents such as fraudulent deposits/withdrawals and settlements through payment services of fund transfer companies have occurred at multiple financial institutions
  • In addition, we have seen cyber attacks that take advantage of the pandemic environment and cyber attacks aimed at telework
  • The threat of cyberattacks is a major risk that could affect the stability of the financial system, and further improvement of the financial industry’s ability to respond to incidents is essential

Overview of the Exercises to Date

  • Previously, four exercises have been conducted, with a total of 900 people participating from 77 institutions in FY2016, 1,400 from 101 institutions in FY2017, 1,400 from 105 institutions in FY2018, 1,400 in total, and 2,000 from 121 institutions in fiscal 2019
  • Many participating financial institutions continuously review the regulations, and are implementing and planning measures to strengthen information cooperation with internal and external organizations, thereby improving the response system through this exercise

Delta Wall V Scope

  • In mid-October 2020, the Financial Services Agency holds its fifth cross-financial cybersecurity exercise with approximately 110 participants
  • In the context of recent fraudulent deposits/withdrawals, etc., we will test the effectiveness of the customer response in the event of an incident, as well as cooperation between departments and externals organizations
  • Based on the results of the exercises conducted last year, banks and other organizations conducted exercises to verify the effectiveness of incident response through internal escalation to management decision-making inside the organization with the aim of “further improving the ability to respond to incidents”
  • In order to improve the ability to respond to incidents in a telework environment, participating financial institutions this time around will take part in exercises under the actual telework environment

Features of the Exercises

  • Exercises aimed at confirming the response system and procedures related to sharing of information inside and outside the financial institutions in the event of an incident
  • Participation will include management and many departments across the organization (system department, public relations, planning department, etc.)
  • While considering the knowledge of private experts and analysis of examples of attacks, weaknesses that financial institutions are likely to exhibit are highlighted, and participants can gain “awareness”
  • In an effort to improve the ability of participating financial institutions to respond while turning the PDCA cycle, the exercise focuses on post-assessment, such as showing specific improvement measures and good examples

Test Cases


  • Not disclosed based on black box testing
  • Customer impact due to homepage abnormality
  • Malware infection on internal devices and their spread
  • Leakage of customer information
  • External malware intrusions and in-house infections
  • Outflow of customer assets
  • Intrusion into internal systems and unauthorized communication to the outside world



一般社団法人 (General Incorporated Association) Tokyo FinTech is registered as a non-profit organization in Japan, promoting the domestic ecosystem through innovation

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Norbert Gehrke

Passionate about strategy & innovation across Asia. At home in Japan. Connector of people & ideas.