[Warning Signs in the AI Era] ① Record-High Data Breaches... 33% of Companies "Unable to Recover"

As digital transformation and artificial intelligence (AI) technologies continue to spread, incidents threatening cyberspace-such as hacking and other security breaches-are also on the rise. The number of reported security breaches this year has reached an all-time high since records began. This surge is attributed to a significant increase in attacks exploiting vulnerabilities, including server hacking and DDoS attacks.

According to the Korea Internet & Security Agency (KISA) on December 16, the number of reported cyber security breaches this year is expected to surpass 1,800 for the first time. A KISA official stated, "As of December, the number of reported security breaches this year has exceeded 1,800, marking the highest annual figure since recordkeeping began." There were 1,142 cases in 2022 and 1,277 last year, but the number has risen sharply this year.

KISA's Cyber Threat Trend Report also shows that the number of reports in the first half of this year reached 899, the highest on record. This is a significant increase compared to 473 cases in the first half of 2022 and 664 cases during the same period last year.

Security breaches are classified into four categories: server hacking, DDoS attacks, ransomware and other malware infections, and others (such as spam text messages and emails). In particular, the number of server hacking incidents in the first half of this year surged to 504, a 58% increase compared to the first half of last year. Additionally, there were 153 DDoS attacks, 106 reports of ransomware and other malware infections, and 136 cases in the "other" category.

The sharp increase in cyber breaches is primarily due to a surge in attacks targeting companies with weak security management, such as small and medium-sized enterprises (SMEs). According to cybersecurity firm SecuVista, SMEs accounted for 82% of all security breach victims over the past five years. The Chinese hacker group Niyan targeted domestic educational institutions such as Sookmyung Women's University and government websites. In May, they claimed to have stolen account information from Jeju National University and Kwangwoon University and published this information on Telegram.

Ransomware is the most prominent cyber threat targeting SMEs. This method involves holding corporate information assets such as document files hostage and making them unrecoverable unless a ransom is paid. A SecuVista representative reported, "According to a 2022 global ransomware survey, 76% of affected companies paid the ransom. However, one-third of them were still unable to recover their data."

Recently, these threats have expanded beyond companies to include financial scams and investment frauds that exploit illegal mobile phone activations and unauthorized mass text messaging, posing risks to the broader economy and causing inconvenience in people's daily lives.

Concerns about SME security are heightened because a ransomware infection can also impact larger companies and public institutions that work with them. SMEs often lack the financial and human resources to maintain and update security systems. Their awareness of security issues is also relatively lower compared to large corporations, making them more vulnerable targets for hackers when weaknesses are discovered.

This year, new organizations have emerged that operate cybercrime as a business model. The China-based group iSoon targeted major U.S. IT companies, as well as government agencies and local governments in more than 20 countries, including Korea, over the past eight years. Data stolen by iSoon was uploaded to GitHub and made public, an act suspected to have been carried out by an insider. iSoon is known to operate as a cybersecurity company while conducting organized hacking activities under the direction of the Chinese government.

Recently, the advent of generative AI has made it easier for anyone to create and distribute malicious code, and existing cyberattacks have become more automated, raising further concerns. If sensitive data entered by users is used as AI training material, there is a risk that this information could be exposed or misused without authorization. KISA stated, "Employees handling sensitive information should have their PCs' internet access minimized or restricted to only essential connections as part of enhanced security measures. Companies and developers using public repositories or open-source software should also exercise caution."

Yoon Junghyun, Associate Research Fellow at the Institute for National Security Strategy, assessed, "There is a possibility that cyberattacks will become more sophisticated, such as maximizing phishing attacks that combine text, images, audio, and video using generative AI." He added, "If generative AI is misused, it could pose a threat to national security. Therefore, the government should consider a wide range of scenarios and seek to develop strategies and legal reforms at the national level."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.