The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) announced on June 26 that they will implement measures to enhance cybersecurity for small and medium-sized enterprises (SMEs).
With the increasing threat of cyberattacks utilizing frontier AI models, there is a growing need for SMEs, which typically have weaker security capabilities, to bolster their defenses. To address this, the Ministry will launch various support programs, including security investment consulting, vulnerability assessments, and AI-based security diagnostics to improve the information protection levels of SMEs.
Initially, the Ministry will operate a "Security Investment Guide" web tool that allows SMEs to assess their security levels and prioritize investments. This tool will provide guidance on security investment priorities and government support programs tailored to each company's budget, accessible for free through the regional information protection support center's website.
KISA will also offer free "attack surface assessments" to analyze external attack vectors. Any SME can apply through the KISA Protection Country website or one of the 16 regional information protection support centers, where they will receive analysis of vulnerabilities and suggested countermeasures.
For domestic software development companies, support will be provided for diagnosing software supply chain security systems. This includes open-source vulnerability analysis, secure coding, dynamic diagnostics, and development environment checks to assess software security threats, with a focus on assisting SMEs.
For local SMEs that have experienced security incidents or detected recent threats, the Ministry will provide information security consulting, IT security packages, and Security as a Service (SECaaS) packages. These packages will include various security solutions such as security monitoring, firewalls, web application firewalls (WAF), network-attached storage (NAS), endpoint detection and response (EDR), email security, data protection, multi-factor authentication (MFA), and virtual private networks (VPN).
Starting in July, an AI-based vulnerability assessment infrastructure utilizing frontier AI models will also be available. Any domestic SME can apply through the Information Protection Industry Promotion Portal, and they will have free access to vulnerability assessment tools and Software Bill of Materials (SBOM) generation tools established at KISA's Garak headquarters and the Pangyo Information Security Cluster.
Additionally, the Ministry will offer free practical penetration testing using actual hacking techniques for companies in critical sectors such as healthcare, communications, education, and retail. Alongside this, technical support will be provided to diagnose security vulnerabilities in SMEs' systems, websites, and applications to prevent data breaches and system failures.
Lim Jeong-kyu, Director of the Information Security Network Policy Bureau at the Ministry, stated, "The Ministry is preparing various programs to strengthen the security capabilities and fundamentals of SMEs. We will actively work to ensure that many companies benefit from these initiatives."
According to the Ministry, the number of security incidents recorded last year was 2,383, a 26.3% increase from 1,887 incidents the previous year.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.