From computer environments to personal financial lives extending to smartphones. Once upon a time, various security programs were installed, and OTPs, security cards, etc., were entered to use internet banking. Recently, however, people often handle various tasks such as banking and stock trading using smartphone financial apps.
However, as convenient as it is, security issues targeting individuals are constantly being raised. If your password is stolen and your smartphone is handed over to someone else, not only financial security but also freedom from cybercrime like SNS and messengers cannot be guaranteed. Even in the movie 'Smartphone', which can be watched on OTT platforms, the issue of crime through spyware was addressed, awakening viewers to the need for vigilance.
What issues arise in daily life? Recently, many people have experienced receiving a lot of advertising texts and calls. This was a part that could be sympathized with, not only by the author but also by acquaintances. When you think about how someone can know your number and personal information to make a call, you can realize that even though you agreed to the privacy policy, that information is being leaked and used for sales and advertising. Moreover, the author had registered payment information on a certain platform to easily purchase desired items immediately, but had to undergo cumbersome processes such as card reissuance due to payment attempts by someone other than themselves. As convenient as it is, it is necessary to be vigilant again to protect your own information.
As a result, the term 'Zero Trust', meaning not to trust anyone, often appears when discussing security issues. As the name suggests, it means not to trust anyone and requires systematic authentication procedures and identity verification. It re-verifies all traffic, internal and external, for any potential unauthorized external users to prevent access to internal systems, thereby enhancing security and maintaining integrity.
The Zero Trust concept, meaning not to trust anyone, operates based on three principles. As mentioned earlier, it does not trust any user, device, or device. Moreover, it verifies all traffic originating from internal and external sources and grants only minimal permissions to prevent abuse and malicious use.
Then, what kind of verification is needed to complete Zero Trust?
SSenStone, One of the domestic authentication security companies, has proposed a solution incorporating one-way dynamic authentication technology(OTAC). This solution generates a new authentication code every time and ensures that it is valid for a specific period. It was impressive to see that the solution creates an authentication environment that can protect individuals and businesses from various cybersecurity vulnerabilities in areas such as finance, ICS/OT, by setting up safeguards.
Furthermore, the Korea Financial Telecommunications & Clearings Institute (KFTC) has also secured zero-trust measures. During the Korea FinTech Week event held in 23rd, the KFTC booth demonstrated a personal authentication method using smartphone NFC functionality and credit card IC chips. By adding credit cards to the authentication media, which was previously reliant on smartphones, individuals are now being encouraged to adopt the Trust Zone as a means of ensuring the safety of their financial transactions.
Amid the increasing prevalence of security issues such as phishing and personal information theft, safeguarding oneself against cyber attacks that can occur anytime and anywhere has become crucial. The importance of an effective zero-trust model for controlling user and device access permissions is expected to grow even further.
I hope to see zero-trust security well-established in everyday financial services as well as in corporate and public services.
