Sophisticated AI Hacking: "Urgent Need for Legal, Regulatory, and Technical Countermeasures and Incident Response Protocols"

Experts have pointed out that as cyber hacking becomes more sophisticated through artificial intelligence (AI) technology, it is urgent for companies to establish legal, regulatory, and technical countermeasures, as well as to build incident response protocols.

At the seminar titled "Recent Cybersecurity Threats and Corporate Response Strategies" held on the 15th at the Korea Chamber of Commerce and Industry Hall on Sejong-daero, Lawyer Lee Inhwan of Kim & Chang Law Office is giving a presentation on the topic "Current Status of Cybersecurity Incidents and Legal Response Methodologies." Korea Chamber of Commerce and Industry

The Korea Chamber of Commerce and Industry, together with Kim & Chang Law Office, held a seminar titled "Recent Cybersecurity Threats and Corporate Response Strategies" on the 15th at the Chamber’s headquarters in Jung-gu, Seoul, where they shared new AI-driven hacking techniques, the current status of domestic corporate responses, and institutional and technological challenges.

With a series of security incidents and system failures occurring at companies such as Coupang, SK Telecom, KT, and Upbit-including the recent Coupang personal information leak-cyber threats are spreading across all industries. Various related indicators are also raising further alarm.

According to data from the Korea Chamber of Commerce and Industry, citing statistics from the Korea Internet & Security Agency (KISA), the number of reported cyber incidents in the first half of this year reached 1,034, a 15% increase compared to the same period last year. The number of reports has been steadily rising since 2021, after the COVID-19 pandemic. In just the first half of this year, the number already surpassed the 640 cases reported during the entire year of 2021.

Analysts point to the increase in distributed denial-of-service (DDoS) attacks and server hacking using Internet of Things (IoT) devices, which are particularly vulnerable to account management, as a major factor.

In contrast, the cybersecurity readiness level of Korean companies still falls short of the global average. According to a survey by networking and cybersecurity solutions provider Cisco of 8,000 business leaders in 30 major countries, 80% of Korean companies assessed their security preparedness as being at the "initial" or "formative" stage, exceeding the global average of 70%. In particular, 28% responded that they were at the "initial" stage-three times the 30-country average-while only 20% said they were at the "advanced" or "mature" stage.

Experts emphasize that, in line with the government’s efforts to strengthen information security capabilities, companies must also make proactive preparations. While the government is promoting a comprehensive, cross-ministerial information security plan-including a full review of IT systems and the introduction of punitive fines-experts advise that companies must go further. They specifically recommend that incident response protocols, including reporting to relevant authorities, consumer response, and parliamentary response, should be subdivided into minute- and hour-based procedures to enable immediate action in the event of an incident.

Furthermore, as hackers use AI to automate attack processes and generate malware that can modify its own code, experts stress that companies must also establish comprehensive response systems, such as asset visibility and backup frameworks, to address these evolving threats.

The Korea Chamber of Commerce and Industry stated, "As corporate information hacking becomes more sophisticated and shifts toward organized crime, the response level of Korean companies remains insufficient. To prepare for cybersecurity incidents, companies must familiarize themselves in advance with relevant laws such as the Information and Communications Network Act, Personal Information Protection Act, Electronic Financial Transactions Act, and Credit Information Act, and review the status of their own cybersecurity systems."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.