In the digitally-forward nation of South Korea, where residents expect and have access to high-speed internet, an unexpected paradox comes to light: Despite their robust digital infrastructure, South Koreans display a concerning lack of adherence to basic cybersecurity measures, according to experts.

A recent NordVPN report underscores this issue, revealing South Korea as ranking low in cyber awareness, especially when juxtaposed with nations of comparable internet usage. This position becomes even more alarming when considering the country’s history with significant cyberattacks. Moreover, the Korea Internet and Security Agency (KISA) reported a 78% surge in cyberattacks in 2022 compared to the previous year.

Experts have consistently sounded warning bells about the consequences of lax adherence to cybersecurity. As the ROK government aims to bolster its defenses in the digital realm, experts argue that the South Korean public must match that commitment, prioritizing cybersecurity in their daily lives.

ACTIONS, PRIORITIES AND STRUGGLES

KISA announced it had earmarked a budget of $19.2 million (25.5 billion won) to fortify the nation’s cybersecurity in late August. A significant portion of this fund will go toward enhancing cyber threat detection and prevention capabilities within South Korea. Additionally, KISA plans to explore implementing the Zero Trust security model nationwide, which would mandate device authentication before allowing network access.

This financial commitment follows South Korean President Yoon Suk-yeol’s earlier appeal to overhaul the nation’s cyber capabilities. Rather than merely adopting a defensive stance, Yoon called for those on the front lines of the nation’s cyber defense to “develop a preemptive and active operation.”

Yoon’s call for a renewed focus on cybersecurity builds upon initiatives from his predecessor. In 2019, then-President Moon Jae-in introduced the country’s first-ever National Cybersecurity Strategy.

However, the government isn’t the sole catalyst for the nation’s evolving cyber stance. Yoo Joon-sang, a former South Korean lawmaker, has helmed the “Best of the Best” initiative for over a decade — a specialized program that seeks to cultivate the next wave of cybersecurity professionals.

Yet even with these strides, a recurrent theme emerges in South Korean cyber analyses: the public’s apparent neglect of basic cybersecurity guidelines. The NordVPN report, which reverberated throughout South Korea’s tech media sector, is merely the latest instance of experts voicing concerns about the South Korean public’s cybersecurity knowledge.

Research by Boston University and Seoul National University scholars posits that this knowledge gap among South Koreans exacerbates the country’s vulnerabilities to cyber-attacks. A 2019 assessment also spotlighted South Korea’s low prioritization and lackluster performance in cybersecurity education.

“People often perceive cybersecurity solutions as primarily technical,” Kim Seung-hyun, an information systems professor at Yonsei University, told Korea Pro. “The public’s perception of cybersecurity is one of being “inconvenient or costly.” 

“Even though there’s a saying, ‘Cybersecurity is only as strong as its weakest link,’ many fail to realize that. Ultimately, it’s a collective responsibility.”

Recognizing this challenge, South Korea’s National Cybersecurity Strategy emphasizes enhancing public education on cybersecurity matters.

Minister Lee Jong-ho of the Ministry of Science and ICT attended a meeting on cyber threats in Seoul, where he discussed incidents and trends with experts | Image: Ministry of Science and ICT

SHIFTING PERCEPTIONS

There’s a prevalent notion among South Koreans that cybersecurity remains primarily a governmental responsibility, focusing on fending off external hacking threats, according to J.R. Reagan, the CEO of IdeaXplorer Global and a former cybersecurity adviser to the U.N. Development Program.

“The populace has generally relied on the government for ‘top-down’ safe innovation,” Reagan told Korea Pro. He characterized the South Korean public’s approach to cybersecurity as one of “wait-and-see as it begins to be rolled out in key public and private platforms.”

However, the perceived emphasis on external threats might be misplaced as research shows that most cyber threats that average South Koreans encounter stem from domestic sources. Further, amenities designed for the convenience of citizens inadvertently contribute to their susceptibility to data breaches.

While many countries grapple with ransomware, South Korea often finds itself dealing with man-in-the-middle attacks (MITMA). These attacks allow hackers to intercept communications between a network and its user, siphoning off transmitted information. Given the abundance of unsecured WiFi networks throughout South Korea, residents are especially at risk of these attacks.

This cybersecurity lapse isn’t confined to individual users. Even the business sector has displayed complacency. “The theft of corporate secrets has undermined corporate competitiveness,” Yonsei University’s Kim told Korea Pro.

“Businesses should abandon their evasive attitudes toward cybersecurity. The government also needs to emphasize corporate accountability for cybersecurity, focusing on holding top executives responsible instead of just penalizing operational staff.”

Free public WiFi being installed in Nowon-gu, Seoul | Image: Nowon-gu Office

CONVENIENCE VS SECURITY

South Korea’s distinction as one of the world’s most connected countries, boasting some of the fastest internet speeds, has conditioned its public to expect swift digital services. However, this ultra-connected lifestyle has inadvertently fostered an environment where many prioritize convenience over robust cybersecurity measures.

The onus will likely be on the government, therefore, to convince citizens of the need for vigilance in the digital space. 

“Effective public communication will go a long way to bridge the understanding gap and promote greater adoption of cybersecurity measures,” J.R. Reagan of IdeaXplorer Global told Korea Pro.

The urgent need for greater public awareness of cybersecurity issues is accentuated by the observed generational disparity regarding the value placed on cybersecurity. Surprisingly, younger South Koreans often display less understanding and demonstrate a greater propensity for digital risk-taking than their elder counterparts.

The prevailing sentiment among cybersecurity experts suggests a significant knowledge gap in South Korea regarding digital safety measures. Addressing this shortfall emerges as a critical undertaking for authorities across the board.

Edited by John Lee