On the 14th, the Financial Security Institute announced that it is promoting the development of attack surface management (ASM) technology for the financial sector to proactively identify and manage security risks related to financial security.
The attack surface refers to all combinations of vulnerabilities and intrusion paths that hackers can exploit, such as exposure of administrator pages, insider threats, and use of default passwords. Attack surface management involves continuously monitoring these elements and taking necessary security measures.
As the complexity of IT assets increases, the importance of attack surface management is gradually growing. Currently, the Financial Security Institute provides attack surface management services to financial companies based on intrusion attempt data obtained during security monitoring. This year, in addition to security monitoring data, they plan to comprehensively analyze vulnerability information and incident data, automate the identification of IT assets and the discovery of vulnerabilities, and enhance the attack surface management service.
At the same time, by expanding the scope of analysis to external areas of financial companies such as cloud computing and third-party services, rapid and effective risk management will be possible even in an expanded IT asset environment. Financial companies will receive timely security recommendations regarding threats to IT assets that are difficult to recognize, thereby reducing the likelihood of security incidents.
Park Sang-won, President of the Financial Security Institute, stated, "Even vulnerabilities that are easy to overlook can be a foothold for hackers' attacks, so it is necessary to continuously identify, analyze, and respond to risk factors of IT assets through attack surface management activities." He added, "By detecting these risk factors faster than hackers and preparing countermeasures, we will further strengthen the safety of the financial sector's IT environment."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
