'Security by Design' Must Come Before Widespread AI Adoption
"One Hacker, Many Responses... Fragmented Governance Poses a Threat"
There was a recommendation that companies should be advised to maintain a certain minimum ratio of information security investment relative to their information technology investment. At the 'Information Security Industry Meeting' hosted by the Ministry of Science and ICT and held at the IT Venture Tower in Songpa-gu, Seoul on July 8, Kim Taekyun, CEO of Penta Security Systems, stated, "Currently, listed companies invest about 6%, but if a system is established to secure a ratio of up to 10%, it could encourage more proactive security investment by companies."
At the meeting, which was chaired by Vice Minister Ryu Jemyung, industry representatives strongly called for strengthening cybersecurity capabilities and systematically fostering the information security industry as prerequisites for realizing global leadership in AI. The underlying idea is that security technology should be regarded not just as a risk management tool, but as a national strategic industry.
Major domestic information security companies such as AhnLab, Igloo Security, Penta Security Systems, and Eroun&Company attended the event. They identified several common challenges, including increasingly sophisticated cyber threats, underutilized AI security technologies, and the reality that information security is often deprioritized within the industry.
Yoon Doosik, CEO of Eroun&Company, emphasized, "If sovereign AI spreads in Korea, it will eventually extend to SOC (social infrastructure), public, and private networks as well." He added, "Even before entering the market in earnest, AI models with built-in security?based on the concept of 'design by security'?must be prepared from the outset." He further stated, "Cybersecurity technologies to protect AI must also be developed at an early stage, and this is directly linked to future export competitiveness."
There were also issues raised based on the experiences of field practitioners. Jung Ilok, a senior advisor at Igloo Corporation, remarked, "From the standpoint of developing and applying AI-based security products, the biggest challenge is the lack of standards." She explained, "While security products typically have clear specifications, for AI products, both the ordering organizations and the suppliers are uncertain about the required development level and how they should be applied."
The need for structural improvements to support overseas expansion strategies and the growth of the industrial ecosystem was also highlighted. Lee Sangkuk, Executive Director of AhnLab, said, "As AI technology begins to gain trust, new opportunities are opening up for security companies that have previously felt limited in the global market." He continued, "Although AhnLab is a leading security company in Korea, it still faces challenges in establishing a presence in the global market."
He added, "AI itself is not yet directly profitable and is currently used only to enhance the reliability of existing products. Rather than competing solely among domestic security companies, it is essential to build a structure that fosters alliances and cooperative ecosystems with other industries such as automotive, finance, and shipbuilding, so that we can compete with global top-tier companies."
Lee Hyungtaek, CEO of Innotium, cited a recent case in Korea where a company considered complying with a hacker's demand for tens of billions of won, pointing out, "We live in an era where data is that important, but victimized companies have nowhere to turn and are reluctant to report incidents." He noted, "For example, even in the case of a defense contractor's design leak, it is unclear whether the jurisdiction lies with the National Intelligence Service, the investigation headquarters, or the Defense Counterintelligence Command." He said, "Hackers operate as a single organization, but our governance is fragmented, making it difficult to respond quickly and creating ambiguity in accountability."
He especially emphasized, "Recently, hackers have been advancing their attacks with 'Ransomware as a Service (RaaS)' that combines AI and cloud-based structures. It is now time to completely redesign national defense systems, authentication and export policies, and legal frameworks."
Vice Minister Ryu stated, "Information security is a field that often does not receive enough attention, so its importance tends to be undervalued in society. As information security and cybersecurity capabilities are the most important foundation for the competitiveness of AI development, we will actively support efforts to build a social consensus on their necessity."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
