Next Year's Major Security Threats Are 'AI'

Artificial Intelligence (AI) was identified as the top anticipated security threat in 2025. As cyberattacks are expected to become more sophisticated and advanced, cyber threats exploiting AI technology have emerged as a major risk factor.

SK Shieldus Vice Chairman Hong Won-pyo is delivering the opening speech at the '2024 SK Shieldus Cyber Security Media Day' held at COEX, Samseong-dong on the 3rd. Photo by SK Shieldus

원본보기 아이콘

On the 3rd, SK Shieldus held the ‘2024 Cybersecurity Media Day’ to present key security threat forecasts and response strategies for 2025. On this day, SK Shieldus Executive Director Lee Jae-woo and EQST Lab Team Leader Lee Ho-seok gave presentations on the topic of ‘2024 Security Trend Review and 2025 Security Threat Outlook.’ The security threats for next year were identified as five key areas: ▲ AI security threats penetrating the AI Transformation (AX) era ▲ Ransomware using multifaceted attack techniques and extortion strategies ▲ Increased system threats managing users and permissions in cloud environments due to relaxed network separation regulations ▲ Chain damage risks from security incidents at partner companies ▲ Increased hacking attack threats on cryptocurrency exchanges.

In particular, it was analyzed that AI-based attacks, such as sophisticated deepfake technology, will increase and expand the scope of damage. Additionally, hacking threats targeting small language models (sLLM) are expected to newly emerge. Compared to external generative AI, sLLM can relatively better prevent sensitive information leakage, leading to high demand among companies. However, risks such as confidential information sharing within departments and external collaborator access remain, requiring continued special caution. SK Shieldus also proposed the introduction of AI-specialized penetration testing services to prepare for these threats. Hong Won-pyo, CEO of SK Shieldus, stated, “To prepare for the industrial structural changes created by AI, AI must be introduced into the cybersecurity domain as a controllable model.”

원본보기 아이콘

Alistair Neill, Global Chief Information Security Officer of Verizon Business, a global partner of SK Shieldus, and SK Shieldus Executive Director Choi Jae-ho presented on the topic of ‘2024 Global Major Breach Insights.’ They pointed out that in 2024, the Asia-Pacific (APAC) region experiences more espionage-motivated attacks and web application attacks due to rapid digitalization compared to other regions. According to the Asia-Pacific region information security statistics released by Verizon on this day, a total of 2,130 breach incidents occurred this year, with the main attack patterns being system intrusions, social engineering techniques, and basic web application attacks accounting for 95% of all incidents. Notably, unlike other regions, espionage motives accounted for 25% of all attacks, showing the most prominent figure. This is a significantly higher rate compared to espionage motive ratios of 4-6% in other regions.

SK Shieldus provides comprehensive security services including security monitoring, consulting, penetration testing, incident response, and cloud security. Based on a group of over 2,000 cybersecurity experts, including the largest white-hacker group EQST, and its self-developed AI security monitoring platform, SK Shieldus offers customized security services to more than 2,000 domestic clients across public, financial, telecommunications, manufacturing, and IT sectors. CEO Hong said, “Recently, cyber threats have become a management risk,” and emphasized, “Preparation for cybersecurity must expand throughout the entire ecosystem.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.