FSS checks up on security of bank networks

The Financial Supervisory Service launched a special probe yesterday into financial institutions to find out what caused last week’s network paralysis and come up with measures to prevent such incidents from recurring.

The financial regulator said yesterday that for until April 9 it will look into the computer systems of Shinhan, Nonghyup, and Jeju banks as well as Nonghyup Life Insurance and Nonghyup Property & Casualty Insurance Company, where network operations were temporarily halted.

At least two inspectors from the FSS will be dispatched to each of the financial institutions to look into whether the institution had been, and is still equipped, with a system to properly counter hacking attacks. Inspectors will also check if institutions have sufficient IT workforces and security programs.

“Through this two-week long probe, we plan to trace the exact cause of the incidents and if any institution is found to have violated [security regulations] we plan to make them responsible so that it doesn’t happen again,” said Lee Min-soon, an FSS official.

Last Wednesday, operations of several financial institutions were disrupted along with major broadcasters KBS, MBC and YTN after their computer networks were paralyzed due to a cyberattack. The latest findings by a joint government-civilian-military investigation team showed that the attack was due to a malicious code that destroyed the functions of computers and ATMs.

The inspection of Nonghyup Bank is expected to be particularly thorough considering that the bank’s network was paralyzed by a cyberattack before. In 2011, Nonghyup’s network didn’t function for three days after an attack. Seoul’s prosecution said later that North Korea was involved in that attack.

Last year, the FSS introduced a standard to boost cyber security by advising financial institutions to have at least 5 percent of their employees working in the IT field and at least 5 percent of those employees working in the cyber security department. It also advised financial institutions to allocate 7 percent of IT budgets to beefing up cyber security.

Sources say that the FSS is considering a stricter standard of having at least 7 percent of employees working in the IT field and at least 7 percent of IT workers and 10 percent of IT budgets dedicated to cyber security.

“Beefing up network and Internet security isn’t easy,” said an official from the banking industry. “First off, it costs too much, and if we strengthen security, the speed of Internet banking will inevitably slow down. In Korea, if the speed of online banking slows down, customers complain a lot, so there are concerns we will lose customers.”

“In the long-term, there should be fundamental countermeasures in the financial industry to prevent cyber accidents from happening,” FSS Governor Choi Soo-hyun told reporters at a luncheon yesterday. “For example, the local network of a financial institution should be completely separated from the external network.”

Choi, who started in the post last week succeeding predecessor Kwon Hyouk-se, also touched upon the issue of the recent strife within KB Financial Group involving an executive who allegedly leaked false information to a global investment advisory firm to oust some of the outside board directors ahead of a shareholders’ meeting last week. The internal conflict at KB Financial raised the need for improved corporate governance of financial institutions.

By Lee Eun-joo [angie@joongang.co.kr]