SK Shieldus: Investigating Cyber Incidents is an Investment, Not a Cost

by BAEK SEO HYUN Posted: June 18, 2026, 14:00 Updated: June 18, 2026, 14:00
SK Shieldus Top-CERT Cyber Incident Analysis Technical Report [Photo=SK Shieldus]

SK Shieldus emphasized that as cyber attacks become more sophisticated with the rise of artificial intelligence (AI), a company's security competitiveness relies not only on its ability to prevent attacks but also on how quickly and accurately it can respond to incidents.

On June 18, SK Shieldus announced the release of a technical report analyzing real investigation cases from its incident response team, Top-CERT, ahead of Information Security Month in July.

According to the report, the number of reported cyber incidents in South Korea reached 2,383 in 2025, nearly double the 1,277 incidents reported in 2023. As attacks become more advanced, the ability to accurately identify the causes, infiltration routes, and scope of damage from incidents is emerging as a core security competency for businesses.

The report pointed out that while many companies invest in security solutions and preventive measures, they often focus on restoring services after an incident occurs, neglecting to thoroughly investigate the infiltration routes and internal spread. This oversight increases the likelihood of reinfection or repeated breaches exploiting the same vulnerabilities.

Top-CERT highlighted through actual incident response cases that investigating cyber incidents is not merely about damage control but is a crucial investment to protect a company's financial assets and brand trust. The report included examples such as recovering data without paying ransom by obtaining decryption keys through memory forensics during ransomware attacks, and restoring deleted logs to determine the extent of personal data breaches, thereby reducing excessive compensation costs and confusion.

Additionally, the report detailed a case where the initial infiltration route of a manufacturing company repeatedly infected by ransomware was identified, preventing further infections, and another case where the attackers' cloud storage was traced back through a supply chain attack to confirm the actual leaked data. These examples illustrate that identifying the causes of incidents, determining the scope of damage, and establishing prevention systems are key elements in enhancing a company's cyber resilience.

Kim Byeong-mu, Vice President of Cybersecurity at SK Shieldus, stated, "Today, a company's security competitiveness is determined not only by how well it can prevent attacks but also by how quickly and accurately it can respond after an incident occurs. Investigating cyber incidents is not just a cost of damage control but a necessary investment to protect a company's core assets and brand trust."



* This article has been translated by AI.