15 November 2022
We are honored to receive an award for our paper on email security practices in Japan!
澁谷遊野*, 近藤大嗣*, 山口利恵, 中田登志之, 浅見徹 (2022). 日本国内におけるメールセキュリティに関する実態把握. Computer Security Symposium 2022, 熊本. (*shared co-first authorship) [CSS2022優秀論文賞]
Japanese companies and organizations widely use PPAP (attaching an encrypted ZIP file to an email and then sending its password in the following email) as a security measure despite its ineffectiveness and potential harm. This study aims to clarify how, by whom, and why PPAP and other email security measures are chosen on the basis of a questionnaire survey and an email security analysis. This report provides a preliminary summary of the survey results. This survey revealed that approximately 64% of the 344 organizations that responded to the survey are still using PPAP (as of June 2022). Furthermore, 88% of the organizations that are using PPAP continue to use it even though they are aware of its harmfulness and ineffectiveness. It was also revealed that many organizations have e-mail operations that are vulnerable to attacks against PPAP.