Financial industry to tighten IT security
Published : Apr 21, 2011 - 18:52
Updated : Apr 21, 2011 - 18:52
Companies considering bigger budget and greater restrictions to protect data

The local financial sector geared up to tighten security of its IT systems after watching hackers take advantage of security loopholes in the nation’s top financial firms, sources said Thursday.

Major banks here said they were devising measures to step up security, such as beefing up their oversight teams or banning employees from using electronic devices perceived as potential security threats.

Hana Bank has banned the use of USB flash drives; such a drive from a laptop was the cause of the latest network crash at the National Agricultural Cooperative Federation, also known as Nonghyup.

Employees also are required to go through a multi-step security procedure including a one-time password system when logging in to central servers carrying valuable data on customers and their bank.

Woori Bank said it is considering increasing the number of staff on its IT security team, while Shinhan Bank will be stepping up investment into security hardware.

“The financial authorities seem to believe we need more people to manage our IT networks and systems,” said one source at Woori Bank.

All staff at these banks will also be required to attend intensive training courses to help boost their security awareness.

Korea, as the world’s most wired country boasting a sophisticated IT network in all sectors, is particularly vulnerable to hacking and other cyber threats, experts said.

“Both the authorities and corporate sector have been much too lax and negligent about securing their IT systems,” said Lee Sung-hun, a lawmaker of the ruling Grand National Party.

A dozen lawmakers including Lee have presented a bill at the National Assembly obligating financial companies to designate chief security officers.

On the regulator’s side, the Financial Supervisory Service is recommending firms set aside a bigger security budget ― 5 percent of their total IT-related budget ― and reinforce their workforce following a series of network-related crimes this year.

In reality, banks on average devoted about 3.4 percent of their budget to security oversight, while investment banks devoted 3.1 percent and card companies about 3.6 percent.

In addition to the Nonghyup case, which both the bank and authorities believe was committed by hackers, Hyundai Capital, a second-tier lender, also had its customer information stolen by a hacker just this year.

Going further back, there was a hacking at Korea Exchange Bank in May 2005, phishing crimes at Kookmin Bank and Nonghyup in January 2007, along with attempts to hack into Hana Bank and Korea Exchange Bank in May 2008.

By Kim Ji-hyun (