Data protection and privacy in South Korea

lexology | November 20, 2019

The legislative framework for the protection of PII in Korea consists of the Personal Information Protection Act (the PIPA) and various sector-specific laws. The PIPA is the overarching statute regarding the protection of PII and was enacted with reference to the OECD guidelines and similar foreign precedents. Regarding information communication technology (ICT) and online privacy, the Act on Promotion of Information and Communications Network Utilisation and Information Protection (the Network Act) applies. Additionally, Korea has the following sector-specific laws that regulate the protection of PII.

Spotlight

Phishing scams are almost always emails that appear to be from a legitimate business that needs your urgent attention on some matter. From there, scammers will try to get you to click on their spoofed, fake and malicious links and steal your credentials. One-click is all these criminals need to gain access to a treasure trove of personal information like credit card numbers, personal data, and other confidential files. The payoff in victimizing certain brands or large corporations is greater, so naturally, scammers allocate more of their resources to target their phishing attacks on big companies.

Spotlight

Phishing scams are almost always emails that appear to be from a legitimate business that needs your urgent attention on some matter. From there, scammers will try to get you to click on their spoofed, fake and malicious links and steal your credentials. One-click is all these criminals need to gain access to a treasure trove of personal information like credit card numbers, personal data, and other confidential files. The payoff in victimizing certain brands or large corporations is greater, so naturally, scammers allocate more of their resources to target their phishing attacks on big companies.

Related News

SOFTWARE SECURITY

Turing AI Launches Search Attribute in Video Security Platform

Turing AI | June 16, 2022

Turing AI has added people attribute search, a game changing feature in AI Security, to their flagship AI-powered video security platform Turing Vision. Whereas other camera-based security system depends on facial recognition and object detection alone to safeguard facilities and locate events, people attribute search adds several factors to identification, enhancing speed and accuracy of finding and recognizing people at the scene of events. With the inclusion of individuals attribute search, customers can now search for a people inside Turing Vision based on: Object detection of people Identity detections based on facial recognition* Attribute detection* based on: Clothing color, long or short sleeve shirts; pants vs. shorts Bags Hats Weiwei Chen, VP of Engineering at Turing AI said that, “Security is the number one priority for our clients. With the addition of people attribute search, we now have three algorithms: object detection, identity recognition and attribute detection to improve both the speed and accuracy of evidence collection significantly, allowing our clients to streamline their security workflow.” Turing AI is committed to guarantee its platform comply with applicable regulations. Activation depends on state regulations and the compliance with Biometric Information Protection Act (BIPA) (BIPA). Please refer to our privacy policy, and compliance available. Ron Rothman, President of Turing AI emphasized on “I truly believe this is where the industry is heading when it comes to AI security and Turing AI is proud to be among the leaders implementing this technology.” Ron broke it down this way, “People are more likely to accurately remember clothing and accessories rather than the physical description of a person. People attribute Search broadens the spectrum of elements when it comes to identification. For example, if someone suspicious near the scene was wearing a short-sleeved red shirt and a hat, clients can search for those attributes rather than relying solely on remembering race, eye color or hair color, which can be challenging when someone is wearing a hat.”

Read More

PLATFORM SECURITY

Sophos Announces Sophos X-Ops

Sophos | July 21, 2022

Sophos, a global leader in next-generation cybersecurity, today announced Sophos X-Ops, a new cross-operational unit linking SophosLabs, Sophos SecOps and Sophos AI, three established teams of cybersecurity experts at Sophos, to help organizations better defend against constantly changing and increasingly complex cyberattacks. Sophos X-Ops leverages the predictive, real-time, real-world, and deeply researched threat intelligence from each group, which, in turn, collaborate to deliver stronger, more innovative protection, detection and response capabilities. Sophos today is also issuing “OODA: Sophos X-Ops Takes on Burgeoning SQL Server Attacks,” research about increased attacks against unpatched Microsoft SQL servers and how attackers used a fake downloading site and grey-market remote access tools to distribute multiple ransomware families. Sophos X-Ops identified and thwarted the attacks because the Sophos X-Ops teams combined their respective knowledge of the incidents, jointly analyzed them, and took action to quickly contain and neutralize the adversaries. “Modern cybersecurity is becoming a highly interactive team sport, and as the industry has matured, necessary analysis, engineering and investigative specializations have emerged. Scalable end-to-end operations now need to include software developers, automation engineers, malware analysts, reverse engineers, cloud infrastructure engineers, incident responders, data engineers and scientists, and numerous other experts, and they need an organizational structure that avoids silos,” said Joe Levy, chief technology and product officer, Sophos. “We’ve unified three globally recognized and mature teams within Sophos to provide this breadth of critical, subject matter and process expertise. Joined together as Sophos X-Ops, they can leverage the strengths of each other, including analysis of worldwide telemetry from more than 500,000 customers, industry-leading threat hunting, response and remediation capabilities, and rigorous artificial intelligence to measurably improve threat detection and response. Attackers are often too organized and too advanced to combat without the unique combined expertise and operational efficiency of a joint task force like Sophos X-Ops.” Speaking in March 2022 to the Detroit Economic Club about the FBI partnering with the private sector to counter the cyber threat, FBI Director Christopher Wray said, “What partnership lets us do is hit our adversaries at every point, from the victims’ networks back all the way to the hackers’ own computers, because when it comes to the FBI’s cyber strategy, we know trying to stand in the goal and block shots isn’t going to get the job done. “We’re disrupting three things: the threat actors, their infrastructure and their money. And we have the most durable impact when we work with all of our partners to disrupt all three together.” Sophos X-Ops is taking a similar approach: gathering and operating on threat intelligence from its own multidisciplinary groups to help stop attackers earlier, preventing or minimizing the harms of ransomware, espionage or other cybercrimes that can befall organizations of all types and sizes, and working with law enforcement to neutralize attacker infrastructure. While Sophos’ internal teams already share information as a matter of course, the formal creation of Sophos X-Ops drives forward a faster, more streamlined process necessary to counter equally fast-moving adversaries. “Effective cybersecurity requires robust collaboration at all levels, both internally and externally; it is the only way to discover, analyze and counter malicious cyber actors at speed at scale. Combining these separate teams into Sophos X-Ops shows that Sophos understands this principle and is acting on it.” Michael Daniel, president and CEO, Cyber Threat Alliance Sophos X-Ops also provides a stronger cross-operational foundation for innovation, an essential component of cybersecurity due to the aggressive advancements in organized cybercrime. By intertwining the expertise of each group, Sophos is pioneering the concept of an artificial intelligence (AI) assisted Security Operations Center (SOC), which anticipates the intentions of security analysts and provides relevant defensive actions. In the SOC of the future, Sophos believes this approach will dramatically accelerate security workflows and the ability to more quickly detect and respond to novel and priority indicators of compromise. “The adversary community has figured out how to work together to commoditize certain parts of attacks while simultaneously creating new ways to evade detection and taking advantage of weaknesses in any software to mass exploit it. The Sophos X-Ops umbrella is a noted example of stealing a page from the cyber miscreants’ tactics by allowing cross-collaboration amongst different internal threat intelligence groups,” said Craig Robinson, IDC research vice president, Security Services. “Combining the ability to cut across a wide breadth of threat intelligence expertise with AI assisted features in the SOC allows organizations to better predict and prepare for imminent and future attacks.” About Sophos Sophos is a worldwide leader in next-generation cybersecurity, protecting more than 500,000 organizations and millions of consumers in more than 150 countries from today’s most advanced cyberthreats. Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.

Read More

PLATFORM SECURITY

XM Cyber Acquires Cyber Observer

XM Cyber | June 28, 2022

XM Cyber, a hybrid cloud security provider, announced the acquisition of Cyber Observer, a pioneer in Continuous Controls Monitoring (CCM) and Cloud Security Posture Management (CSPM). This is XM Cyber's latest growth milestone in a year in which the organization has considerably increased its lead position in the cybersecurity market. Companies are changing faster than ever before, owing to growing regulation, competition, and consumer expectations. Traditional risk management techniques are no longer cost-effective and are incapable of providing the coverage or speed necessary in a dynamic digital environment. By incorporating XM Cyber's market-leading attack path management with Cyber Observer's continuous control monitoring, security teams will be able to see both their cyber exposures as well as how their existing security controls and identification and response tools can react to these threats at any given time, accurately representing the true risk to the business. The Cyber Observer platform will be incorporated into XM Cyber's, providing a unified, continuous picture of the vulnerabilities and exposures that put vital assets at risk, as well as the security control gaps that fail to prevent assaults. It will also automate compliance validation and reporting for important standards such as ISO, NIST, GDPR, SWIFT, and PCI. "Even as awareness of cybersecurity risk continues to grow, attackers are thriving and routinely exploiting attack paths that can be used to move laterally through an enterprise network. Our goal is to give security teams the ability to easily understand and correct their security posture on a continuous basis, including weaknesses, exposures and compensating security controls across the full internal and external attack surface covering on-prem, cloud and SaaS systems. This acquisition is not an isolated event, but just the latest step in our strategy to provide the most comprehensive and proactive security posture management platform on the market." Noam Erez, co-founder and CEO, XM Cyber Schwarz Group is the world's fourth largest retailer and a major player in cloud computing. With the establishment of a European cloud, the corporation has expanded fast in the digital area in recent years. Schwarz bought XM Cyber as its cyber branch in November 2021. Since then, XM Cyber has expanded its product offering, increased its worldwide staff, and enlarged its customer base. Schwarz's strong financial stability and wide digital vision are a driving force for development and innovation. "Cyber Observer's patented continuous control monitoring capabilities are a perfect complement to XM Cyber's award-winning hybrid cloud security platform. We are excited about this opportunity and look forward to working with the XM Cyber team to deliver the first end-to-end continuous cyber security posture management solution supporting both cloud and on-premises coverage," said Shimon Becker, co-founder and CEO, Cyber Observer.

Read More