Republic of Korea: Adopted KISA and MIST Security Guide to Protect Users' Data on Network Attached Storage Servers

On 28 February 2024, the Korea Internet & Security Agency (KISA) and the Ministry of Science and Information and Communication Technology (MIST) adopted a network-attached storage (NAS) security guide. The guide aims to enhance data protection for users of NAS servers, which have become a significant data backup medium for individuals and businesses. The KISA and the MIST highlighted that NAS servers have increasingly become targets of hackers and ransomware. Consequently, the KISA prepared the guide containing security rules to present inspection methods and response plans if security threats to NAS servers occur. The guide includes eight essential security practices and detailed security guides for NAS manufacturers. The guide covers the areas of encryption usage, access control and permission management, network security, firmware and software updates, backup and restoration strategies, audit logging and monitoring, use of updated secure apps, and ransomware prevention.