[IT Cafe] "Security Lockdown" as Hot as AI... IT Companies on Edge Amid Series of Hacks

As more companies are adopting artificial intelligence (AI) tools and cloud systems in their work, the IT industry is significantly strengthening its internal security protocols. This heightened vigilance stems from a series of hacking incidents targeting major corporations this year, as well as the recent revelation that even government administrative systems have been breached, raising concerns across both the public and private sectors.

On October 17, the Ministry of the Interior and Safety announced that there was evidence of unauthorized access by hackers to the government employee work system known as the 'Onnara System.' The hackers infiltrated the system via a remote access service (GVPN), and it has been reported that some certificates and account information were leaked. This incident was initially reported by the U.S. security media outlet 'Prac' in August, and the government has now officially acknowledged it after more than two months. The confirmation that even public networks are not immune to hacking has further underscored the reality of security threats for both public and private organizations.

Recently, as work infrastructure such as AI tools, operating systems (OS), and cloud platforms has grown more complex, the focus of security management has shifted from 'system inspection' to 'user-level management.' Detailed safety standards are now being applied throughout the entire process, from internal networks and devices to AI data input.

In August, Naver Webtoon issued an internal notice via its company messenger 'Slack,' instructing employees not to use the free version of Google AI Studio. The reason was that information entered into the free version could be reused as AI training data and potentially exposed externally. Since May, Naver Webtoon has officially designated the enterprise paid version of Google's generative AI model 'Gemini' as its official AI tool for work. Google AI Studio currently offers Gemini search functionality, but employees are required to use the paid version, not the free one, and must also complete a 'cloud-based software security review' process beforehand. Even as generative AI is being actively adopted for work, the company is attempting to control the risk of information leaks starting from the data input stage.

Last month, ahead of the end of support for Microsoft Windows 10, Kakao notified its employees to complete updates on all work PCs. The notice stated that failure to comply within the deadline would result in being blocked from accessing the company network. This measure was implemented to preemptively address the increased risk of hacking that arises when security patches are no longer provided after OS support ends.

SK Telecom, which experienced a hacking incident in the first half of the year, continues to provide ongoing security guidance to its employees. On September 30, in recognition of 'Personal Information Protection Day,' SK Telecom reiterated practical rules to its staff, such as 'Do not open attachments or click links in suspicious emails' and 'Do not install illegal software.' An industry official commented, "As the pace of work efficiency accelerates, security policies must keep up," adding, "It is important to establish safe usage procedures alongside technological innovation."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.