FSC announces tougher cybersecurity measures
All financial institutions including banks, insurers and card companies will be required to separate their internal and external networks by the end of next year to help reduce cyber security risks, the country’s financial regulator said yesterday.
There will also be a new council under the Financial Services Commission in charge of cyber security issues. Currently, those duties are scattered among different institutions such as the Korea Financial Telecommunications and Clearings Institute and the Financial Security Agency.
Yesterday, the FSC unveiled a set of measures to prevent cyber attacks following a series of hackings of local financial institutions including NH Nonghyup Bank and Shinhan Bank.
Security risks have grown with an increasing number of people choosing to do financial transactions online or through mobile devices, according to the FSC. The number of online banking users in Korea is now 89.4 million - many individuals have more than one account - and the number of mobile banking users is 40 million, according to the regulator.
“It’s become more convenient for financial consumers to use these services,” the FSC said in a statement. “However, security dangers have also grown.”
On March 20, the networks of NH Nonghyup Bank and Shinhan Bank were halted due to a cyberattack. After those incidents, the FSC formed a task force to come up with measures to strengthen cybersecurity.
“The cost of separating their networks will differ by financial institution,” said Lee Byung-lae, a director general from the FSC. “Though we made it mandatory, it won’t cost that much because it’s not a matter of establishing a new data center.”
According to Lee, the networks of the Industrial Bank of Korea are separated at both its data center and its headquarters while there are nine financial institutions that have separated networks at their data centers. Shinhan Bank and Kwangju Bank’s networks are separated at their headquarters. Industry officials say that using the same network for Internet banking and financial operations raises the vulnerability to an outside attacks.
Part of the FSC’s new measures includes enhancing the authority of the chief information security officer (CISO) at financial institutions. Currently, the chief information officer (CIO) also functions as the CISO. The FSC said it wants 36 financial large institutions to hire full-time CISOs.
BY lee eun-joo [email@example.com]