 |
North Korean IT hacker. (Photo from social media) |
[Alpha Biz= Paul Lee] Seoul – Concerns over South Korea’s cybersecurity capabilities are mounting after a series of hacking incidents targeting both government institutions and major corporations, despite their government-approved security certifications.
According to a report by U.S. security journal Frack, the South Korean government and local telecom operators were recently attacked by hackers, allegedly from North Korea. Following this, SK Telecom and Lotte Card disclosed large-scale breaches, prompting renewed debate over the effectiveness of the nation’s cybersecurity framework.
On September 5, government officials confirmed that the Ministry of Science and ICT and the Personal Information Protection Commission (PIPC) are preparing reforms to the Information Security Management System (ISMS) and Personal Information & Information Security Management System (ISMS-P) certification programs. The move comes after multiple certified companies, including SK Telecom and online bookseller Yes24, suffered breaches. Notably, Lotte Card was attacked shortly after receiving ISMS-P certification, resulting in the leakage of 1.7 GB of customer data.
Critics argue that loopholes in certification standards and evaluation methods undermine the system’s credibility, with both companies and regulators facing accountability. Lawmaker Lee Hoon-ki of the Democratic Party, a member of the National Assembly’s Science, ICT, Broadcasting and Communications Committee, stated: “Despite significant costs and time invested, ISMS and ISMS-P certifications failed to prevent or contain attacks. They are nothing more than paper tigers. Swift reforms are urgently needed.”
알파경제 Paul Lee 특파원(hoondork1977@alphabiz.co.kr)
