SK Shieldus said on June 18 that its incident response team, Top-CERT, issued a technical report analysing real breach investigation cases.
The report includes key cases reconstructed from Top-CERT’s breach investigation experience: a case in which data encrypted in a ransomware attack was recovered using forensic techniques, securing business continuity without meeting monetary demands; a case in which deleted logs were restored to quantitatively estimate the scale of a personal data leak, and corporate trust was regained early through a swift response; a case of repeated ransomware infection that simple restoration did not resolve, in which the attacker’s re-entry route was identified to block additional damage and build a sustainable prevention system; and a case in which an unseen attack flow in a partner-linked incident was traced back to identify the leaked data and the hacking scenario, addressing security blind spots.
Top-CERT also stressed that professional breach investigations conducted immediately after an incident are a core process that minimises additional damage and reduces recovery costs. It said they are the starting point for cyber resilience that leads to trust restoration and security system improvements.
Kim Byeong-moo (김병무), head of the cybersecurity division at SK Shieldus and a vice president, said, "Corporate security competitiveness is now determined not only by how well attacks are blocked, but also by how quickly and accurately a company responds after an incident occurs." He added, "Breach investigations are not simply the cost of dealing with an incident, but an essential investment to protect a company’s core assets and brand trust. Top-CERT will continue to support companies in building more systematic incident response systems based on accumulated incident response experience and analytical capabilities."