2019 Information Security Status Survey Results
[Asia Economy Reporter Seulgi Na Cho] As concerns over security rise due to the increased use of the Internet of Things, wireless internet, and artificial intelligence (AI) services, efforts within companies to establish information security policies, operate organizations, and conduct training have been confirmed to be expanding. The experience rate of information security breaches in companies was 2.8%, lower than that of individuals (4.2%). For individuals, the greatest concerns were malware infection, personal information leakage, and privacy invasion.
According to the results of the ‘2019 Information Security Status Survey’ announced on the 26th by the Ministry of Science and ICT and the Korea Information Security Industry Association, the recognition of the importance of information security based on companies’ information security infrastructure and environment was 87.0%, similar to the previous year.
However, efforts in information security have expanded. The rate of companies establishing related policies rose by 7.1 percentage points from the previous year to 23.1%. The rates of organizational operation and training implementation also increased by 6.9 percentage points and 1.4 percentage points, respectively, to 12.3% and 29.4% compared to one year ago.
Regarding budget allocation, 32.3% of companies allocated budgets for information security, and it was found that larger companies had higher rates of holding information security budgets. The proportion of companies allocating less than 1% of their IT budget to information security (or personal information protection) decreased (20.2%, down 5.0 percentage points), while those allocating 5% or more increased (2.9%, up 1.2 percentage points).
Measures taken by companies to prevent security breaches showed a high proportion in the following order: use of information security products (93.5%), application of security patches (85.8%), security inspections (85.1%), system log and data backup (52.6%), and use of information security services (42.5%).
The experience rate of security breaches in companies was 2.8%, with ransomware (54.1%) still being high. Malware (39.5%, down 8.2 percentage points) decreased, while hacking (13.7%, up 9.3 percentage points) showed an increasing trend.
Response activities to security breaches were carried out by 26.2% of companies, an increase of 8.8 percentage points from the previous year. Specifically, measures such as establishing emergency contact systems, formulating breach response plans, and building and operating breach response teams were taken.
Additionally, a survey on security concerns regarding wireless internet (up 6.0 percentage points) and the Internet of Things (up 12.4 percentage points), whose usage has increased among major IT services, showed that for wireless internet, the highest concern was ‘exploitation as a tool for DDoS attacks or malware infection routes,’ and for the Internet of Things, ‘hacking and malware infection’ was the highest.
Along with this, a survey on individuals’ information security status showed that the recognition of the importance of information security was 95.3%, similar to the previous year. By age group, those in their 30s had the highest recognition rate at 97.0%.
Measures taken by individuals to prevent security breaches showed a high proportion in the following order: updating antivirus programs (92.6%), using information security products (87.9%), updating operating system security (84.6%), setting PC passwords (79.5%), and data backup (50.7%). For data backup methods, PCs mainly used USB memory or external hard drives (81.8%), while mobile devices mainly used cloud servers (75.8%).
The experience rate of security breaches among individuals was 4.2%, with malware infection (2.7%) and personal information leakage and privacy invasion (1.8%) being common breach types. Furthermore, when breaches occurred, 84.2% of users took response actions such as changing passwords (44.1%), installing security software (39.1%), and conducting self-checks and strengthening preventive activities (36.9%).
Users showed significant concern over ‘breaches due to illegal collection of personal information’ (68.0%) and ‘illegal misuse through hacking’ (67.1%).
In addition, in the first-ever survey on IP cameras conducted this year, 4.1% of internet users used IP cameras, and the greatest concern was ‘secondary crimes such as home intrusion and sexual crimes due to exposure of video information’ (68.5%).
Heo Seong-wook, Director of the Information Security Network Policy at the Ministry of Science and ICT, stated, “The increase in companies’ establishment of information security policies and organizational operation is a positive development,” but also urged, “Information security requires constant vigilance because negligence can lead to enormous financial and operational losses due to increasingly sophisticated and advanced cyberattacks.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
