Home > Opinion > Columns

Korea faces rising cyber threats, experts call for active defense strategy

Published: 30 Sep. 2025, 00:04

Song Jong-seok

The author is a visiting professor of cybersecurity at Yeungnam University College of Science and Technology.

A string of recent cyberattacks in Korea has rattled both industry and the public. The breaches — from SIM card data leaks at SK Telecom (SKT) to small-payment fraud at KT and personal credit information exposure at Lotte Card — have shown that no sector is immune. These incidents are more than corporate setbacks. They carry implications for daily life and national security, demanding urgent attention.

Companies have long treated cybersecurity as a cost rather than a survival issue. This attitude has delayed meaningful investment and left systems undermanaged. As a result, even relatively unsophisticated attacks have exploited structural weaknesses and stolen sensitive data.

Pedestrians pass by a KT Store in Seoul on Sept. 11. [NEWS1]

The larger danger, however, lies in threats that remain hidden until it is too late. Analysts note that a significant share of cyber intrusions now takes the form of advanced persistent threats, or APTs, which infiltrate systems quietly and stay dormant for years. The SKT case is particularly troubling: Attackers reportedly accessed the network for four years, extracting information without detection.

In another case, criminals used unauthorized micro base stations to hack KT’s network, intercepting communications and attempting fraudulent charges. By bypassing user authentication and exploiting decrypted signals between base stations, the attackers demonstrated how crime groups have developed sophisticated tools to outpace traditional defenses.

The surge in attacks reflects a deeper imbalance between offense and defense in cyberspace. Attackers are becoming more organized and technically advanced, while defenses remain passive and reactive. Restoring balance, experts argue, requires a fundamental shift in strategy.

The government has acknowledged the urgency, declaring cyber threats a danger to both the public and national security. Officials have pledged reforms in regulations and systems. But declarations alone will not suffice. Korea must build defensive capacities that match or surpass the sophistication of its adversaries.

That means moving beyond conventional vulnerability analysis and intrusion detection. Korea should develop an active defense strategy modeled on international best practices but tailored to its environment. Such a strategy would extend defensive perimeters beyond internal networks to include external partners and cloud services. It would involve monitoring for early signs of attack, tracing threats to their origin, and neutralizing them before damage occurs.

Equally important is rooting out threats that may already be inside networks. Attackers must be prevented from remaining hidden for years. To achieve this, experts call for specialized "threat hunting" teams staffed with highly trained professionals. These units should be equipped with advanced tools and given both legal authority and organizational backing to operate across public and private infrastructure.

The United States military moved in this direction in 2018, recognizing the limits of traditional defensive concepts. Korea faces a similar choice. Without structural change, it risks remaining on the defensive against increasingly sophisticated intruders.

Training is another critical area. Korea cannot rely on theoretical instruction alone. Practical, combat-like exercises — including simulated cyber wars and live incident response drills — must become mandatory. Building a national cyber training ground would allow specialists to prepare under realistic conditions. Israel provides one model. Its cyber command trains personnel as rigorously as fighter pilots, a reminder that cybersecurity is no longer a technical support function but a front-line defense.

Korea’s painful experiences underscore this need. In 2016, North Korean hackers breached the military’s internal network, exposing gaps in readiness. Experts later admitted that limited real-world training left them unprepared. Such lapses cannot be repeated.

SK Group Chairman Chey Tae-won bows in apology during a press conference at SKT Tower in Jung District, central Seoul, on May 7. [JOINT PRESS CORPS]

As Korea pursues its ambition to become a global leader in artificial intelligence, it must invest equally in robust cyber defenses. AI leadership will mean little if the country remains vulnerable to invisible intruders who can compromise critical infrastructure or undermine public trust.

Ultimately, security should be seen not as a drain on resources but as an investment in the future. Governments, corporations and citizens alike must share the view that cybersecurity is integral to national resilience. Without such a shift, Korea risks living under constant fear of the next invisible strike.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.