Cybersecurity

Cybersecurity (사이버보안/网上保安) means the security system which protects computers and communication systems from attack of any kind, thus minimizing computer insecurity.

Computer insecurity is the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those looking to improve security and those looking to circumvent security.

These days cyberattacks against major institutions and facilities amount to Cyberwarfare threatening the national security. Following massive cyberattacks on broadcasters and banks in March 2013, the government and the ruling party began work to establish a law governing responses to future attacks.

Key words
cybersecurity, computer insecurity, cyberwarfare, hacking, DDoS

Cyberattacks
To preserve cybersecurity, it is important to identify the attacks and threats to computers, which may be classified as follows:

Vulnerability
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. Hacking is referred to as seeking and exploiting weaknesses in a computer system or computer networks. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. In particular, "black hat" hackers usually violate computer security for malicious or personal intent.
 * Eavesdropping
 * Hacking

Exploits
An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Unlike other exploits, DoS attack is not used to gain unauthorized access or control of a system. It is instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with a worm, trojan horse, or backdoor exploit to control them.) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.
 * Trojans
 * Viruses and worms
 * Denial of service (DoS)

Another technique to exhaust victim resources is through the use of an attack amplifier — where the attacker takes advantage of poorly designed protocols on third party machines, such as FTP or DNS, in order to instruct these hosts to launch the flood. There are also commonly found vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash.

Cybersecurity measures
Under the Act on Promotion of Information and Communications Network Utilization and Data Protection, etc. (the "ICN Act"), the information and communications service providers (ISPs) are required to take security measures to secure the stability of the networks used by ISPs and the reliability of data. Article 45 (1) of the ICN Act.

On the other hand, in dealing with the personal information of users, the ISPs shall take such technological and managerial measures to prevent the loss, stealing, leakage, alteration of, or damage to, the personal information by the standard as specified by the Presidential Decree. Accordingly, when a data breach incident occurs, the torts liability of the ISP depend on whether the ISP observed the relevant provisions on cybersecurity measures or not.

How to Protect PCs
In many cases, carelessly managed personal computers turned out to be the gateway to outside attacks. Such computer users used to access unidentified Websites or insert suspicious usbs or CD roms into their PCs. Likewise, attackers like to change such PC into an operating tool - zombie PC.

So each computer user is requested to follow the following rules:
 * 1) Run the latest vaccine program periodically, and use the operating system (OS) updated with sufficient security patches.
 * 2) Change password related with core job on a weekly or monthly basis.
 * 3) Never install or use other unauthorized software than for-business-use software.
 * 4) Never never insert unwarranted usbs, CD roms to PC.
 * 5) Set password to personal information-related or secret files.
 * 6) Don't visit other Websites like securities investment, P2P share sites than business purpose sites.
 * 7) Don't fail to delete suspicious e-mails and attachments.
 * 8) Don't access workplace PCs to conduct work using a publicly used PC.
 * 9) Don't forget that anybody is seeking vulnerability in your PC for undesirable reason.
 * 10) Don't hesitate to call an officer in charge of cybersecurity when finding out PC functions retardedly, or browser could lead unwanted sites.