Wanted: Data security pros
NH Nonghyup Card, KB Kookmin Card and Lotte Card are taking the most aggressive action by scouting executives for newly created information security departments established to meet guidelines by the Financial Services Commission and Financial Supervisory Service.
Nonghyup, which had suffered a series of hacking incidents in the past few years, early this month hired Nam Seung-woo, former chief of the IT unit at Shinhan Bank, as chief information security officer. He will head the bank’s new information security department. Nonghyup will also invest a total of 320 billion won ($299 million) to build an IT center in Uiwang, Gyeonggi, which will be completed by 2016.
KB Kookmin Card, which saw 50 million accounts leaked in the recent incident, has recruited 16 experts on information security.
“In order to expand our security work force, we hired five more than initially planned,” said a KB spokesman.
Lotte Card also plans to hire security experts based on a recent consulting report.
Citibank and Standard Chartered Bank, whose employees deliberately stole information of customers, are also looking to add security experts this year.
Other financial companies have also learned a lesson from the January leaks and are moving to enhance their data security by hiring more experts.
Shinhan Financial Group’s subsidiary Shinhan Data System has recruited five security experts and plans to hire five more.
The number of security employees at the company rose from 45 in 2011 to 100 in 2011.
The group opened Shinhan Data Center in Yongin, Gyeonggi, in July to store card and bank customer information as safely as possible.
Hana Bank, which recently established a center for customer information protection, will also recruit at least four security experts, while Woori Bank plans to hire 10.
According to a report by Saenuri Party lawmaker Kim Jae-kyung, the number of security experts working in the financial sector exceeded 1,000 last year, compared to 400 in 2010.
The country’s financial authorities set so-called 557 guidelines after a hacking incident at Hyundai Capital in 2011. Under the guidelines, information technology employees and information security employees should each be more than 5 percent of the work force in total, and companies should spend at least 7 percent of their IT budget on protecting information.
“Most large companies are complying with the guidelines, which are the minimum regulations necessary to protect customer information,” said Song Hyun, IT chief at the FSS.
However, the latest incident occurred at companies that had adhered to the guidelines, implying that the rules may not be strict enough.
Financial companies say that increased spending on information security would be passed on to customers, and they complain there are few specialists in all three fields - information security, technology and finance.
“We are desperate to bring in experts, but there are not many qualified candidates,” said an insurance executive.
“The financial authorities are simply checking whether companies are following the 557 guidelines or not, but that’s not enough,” said Kim. “They should come up with detailed guidelines that fit the situation of each company.
“Financial companies should not be passive anymore. They need to take the initiative to bolster security work forces on their own.”
By Park yu-mi, lee ji-sang [email@example.com]