SK Shieldus: Investigating Cyber Incidents is an Investment, Not a Cost

by BAEK SEO HYUN | Posted: June 18, 2026, 14:00 | Updated: June 18, 2026, 14:00
SK Shieldus Top-CERT Cyber Incident Analysis Technical Report [Photo: SK Shieldus]

SK Shieldus emphasized that as cyber attacks become more sophisticated with the rise of artificial intelligence (AI), a company's security competitiveness relies not only on its ability to prevent attacks but also on how quickly and accurately it can respond to incidents.

On June 18, SK Shieldus announced the release of a technical report analyzing real investigation cases from its incident response team, Top-CERT, ahead of Information Security Month in July.

According to the report, the number of reported cyber incidents in South Korea reached 2,383 in 2025, nearly double the 1,277 incidents reported in 2023. As attacks become more advanced, the ability to accurately identify the causes, infiltration routes, and extent of damage from incidents has emerged as a core security competency for companies.

The report pointed out that while many companies invest in security solutions and preventive measures, they often focus on restoring services after an incident occurs, neglecting to thoroughly verify the infiltration routes and internal spread of the attack. This oversight increases the likelihood of reinfection or repeated breaches exploiting the same vulnerabilities.

Top-CERT highlighted that investigating cyber incidents is not merely about damage control but is a crucial investment to protect a company's financial assets and brand trust. The report included examples such as recovering data without paying ransom by obtaining decryption keys through memory forensics during ransomware attacks, and restoring deleted logs to determine the scale of personal data breaches, thereby reducing excessive compensation costs and confusion.

Additionally, the report detailed a case where the initial infiltration route of a manufacturing company repeatedly infected by ransomware was identified, preventing further reinfection, and another case where the attackers' cloud storage was traced back through a supply chain attack, confirming the actual data that was leaked. These examples illustrate that identifying the causes of incidents, determining the extent of damage, and establishing prevention systems are key elements in enhancing a company's cyber resilience.

Kim Byeong-mu, Vice President of Cybersecurity at SK Shieldus, stated, "Today, a company's security competitiveness is determined not only by how well it can block attacks but also by how quickly and accurately it can respond after an incident occurs. Investigating cyber incidents is not just a cost for damage control; it is an essential investment to protect a company's core assets and brand trust."



* This article has been translated by AI.