A foreign white-hat hacker hacked information from a domestic corporations A that is active in exports. Then the hacker informed A of this and pointed out cybersecurity vulnerabilities. But here, something "laughably sad" happened. Not only did A fail to recognize the hack in the first place, it treated the white-hat hacker's email as spam and ignored it. Frustrated, the white-hat hacker tipped off foreign media, and only when a foreign client, after seeing the report, inquired in reverse did A recognize the hack.
As large-scale hacking and personal information leaks continue to occur across public institutions and private corporations, cybersecurity is emerging as a matter of survival.
On 24th at Deloitte Anjin headquarters in Yeouido, Yeongdeungpo District, Seoul, Baek Cheol-ho, leader (Deputy Minister) of the Cyber & Resilience Integrated Service Group, said of the recent string of cybersecurity incidents, "A 5-pyeong house has grown into a 1,000-pyeong mansion over 20 years, but the number of guards protecting it—namely, the expenditure on security—has stayed the same."
Explaining why responding to cyber incidents is difficult, Baek cited the earlier case of A and said, "If a burglar physically breaks into the mansion, you can detect it through a closed-circuit (CC) TV or fingerprints, but in cyberspace, in many cases you don't even know a burglar got in." Because they fail to recognize the problem and cannot pinpoint the cause, they cannot come up with solutions, let alone measures to prevent recurrence.
The Cyber & Resilience Integrated Service Group that Baek leads was created in Aug. to respond to this increasingly complex cyberthreat environment. It integrated the cyber expert organizations in the management advisory institutional sector and the consulting institutional sector into one, consolidating specialized advisory capabilities that had been dispersed by business unit. They provide one-stop cyber advisory services that cover the entire process from corporations' strategy development to diagnosis, improvement, operations, incident response, and prevention of recurrence.
Since joining in 1996, Baek has worked at Deloitte Anjin for nearly 30 years. An early member of the Corporate Finance Advisory Division established around the time of the International Monetary Fund (IMF) crisis, Baek handled accounting and internal audits, investigations into rehabilitating corporations, and due diligence work. Until just before, Baek led the risk, regulatory, and forensic divisions in the management advisory institutional sector. The following is a Q&A with Baek.
─ What is one-stop cyber advisory service.
"It means an 'A to Z (full lifecycle)' service to respond to various threats arising in cyberspace and secure business continuity. We offer a range of services from preventive ones like information protection strategy, systems, and risk assessment to post-incident management such as investigations, prevention of recurrence, and minimizing damage. In particular, we are responding globally to cybersecurity threats tailored to rapid changes of the times, such as artificial intelligence (AI), the Internet of Things (IoT), and vehicle (in-vehicle) security."
─ How is the team staffed.
"Securing technical capability is essential to provide services with real impact. Especially, analysis of cyberthreats or incident investigations can only be performed by technical experts in the field. Deloitte has been steadily securing talent with technical skills, and we operate technology-based services such as vulnerability assessments, penetration testing, and digital forensics at the largest scale among consulting firms. Team members maintain expertise by sharing training on the latest technologies and success cases in connection with Deloitte Global."
─ What risks arise in cyberspace.
"The commonly known one is personal information leaks, and lately industries that hold assets that can be monetized, such as the gaming and blockchain sectors, have become concentrated targets. In most cases, dependence on IT, such as AI and smart factories, is growing, but incidents occur because security is treated only as an expense issue. Even if you block cyberattacks, it's not conspicuous, and even with good prevention, incidents can happen. As a result, most corporations have invested only the minimum expense, delayed adopting the latest technologies and solutions, minimized operations and monitoring staff, and leadership attention has been low.
However, recently there has been a change. One corporations that recently had an incident (under group consulting) increased its budget more than fivefold to prevent recurrence. We provided comprehensive services to appoint a C-level executive at the executive director level or higher to expand roles and responsibilities (R&R) and to establish plans to strengthen the information protection system aligned with management strategy and the latest technology trends."
─ There have been many cases in Korea recently.
"Cyberattacks mainly target places among corporations with many users, such as telecommunications companies or retailers. Places with many partners or many employees also become targets. Unfortunately, in the case of telecoms, thanks to heavy investment in security, it can be determined whether an incident occurred and how much damage was done, but ordinary corporations are at a level where they don't even know what hacking attempts have occurred."
─ How are corporations responding.
"There is demand for cybersecurity in markets where there are significant assets, data, and brands to protect. It is a sort of advanced-economy business. Globally, several places in North America and Western Europe, and in Asia, Japan, Taiwan, and Korea are representative target markets. In particular, in Korea, export-focused corporations are the main clients, and because advanced economies have significant risks such as detailed regulations, I believe related demand will inevitably continue to grow."
─ What are the trends in cyber incidents going forward, and how should organizations prepare.
"In Korea, even the telecoms that invested the most in building cybersecurity systems all had incidents, so what about other places. In the short term, I actually expect the number of incidents to increase. The reason is AI. Recently, as attackers use AI as a means, hacking attempts have more than doubled. At the same time, as detection capabilities using AI advance, we are catching many more incidents that we did not recognize in the past.
It is very important to use intelligence on cyberthreats (not only collecting information but also analysis, insight, and prediction) to detect risks in advance, and to have a system that can quickly block and defend when signs of abnormality are found. Korea corporations could, in as little as 10 years, have cybersecurity awareness and systems on par with other advanced countries."