S. Korea to tighten network security for financial sector
South Korea is looking to overhaul the network security systems for its financial industry in order to prevent them from being victims of future cyberattacks and resulting in having sensitive customer data compromised.
The Yonhap News Agency reported Wednesday the country's financial regulator, Financial Supervisory Service (FSS), had been working with its supervisory agency, the Financial Services Commission (FSC), to introduce more stringent rules for online network systems at banks, insurance companies, and others in the financial industry.
They plan to unveil a comprehensive measure in June this year, it added.
The new measures are focused, in particular, on strengthening measures to hold chief executives legally accountable for any failure in their online security systems and be rebuked for negligence, the FSC revealed.
An FSS official said the regulator aims to complete its investigation into the companies' network systems by mid-May before reporting its findings to the FSC. The results of the investigation will be released around the beginning of the second half of the year, and those responsible will face severe consequences, he said.
The move by the government comes after an attack on local Internet service provider LG Uplus resulted in server outages at three domestic broadcasters, YTN, MBC and KBS, and local banks Shinhan Bank and NongHyup Bank. The attacks were suspected to have come from North Korea, but no personal information was compromised.
This could be due to the fact that financial institutions are not adhering to the law stipulating they must assign 5 percent of its staff to the IT department. Of this 5 percent, 5 percent must be assigned to security-related tasks and the company must also spend 7 percent of its budget on online security networks, the report noted.
The government agencies suspect the rule has been largely ignored due to the heavy costs involved to be compliant, it added.
Anonymous claims breach on Korea Exchange Bank
Stiffer regulations on the industry's online security appears necessary. On Tuesday, hacktivist group Anonymous said it had obtained personal data from Korea Exchange Bank (KEB).
A member of Anonymous revealed in a Twitter update the hack and what he claimed to be data from customers of Korea Exchange Bank, on his twitter handle @Anonsj, a separate report by Yonhap News Agency noted.
The Twitter account was inaccessible when ZDNet Asia tried to access it on Wednesday 2.30 p.m. Singapore time.
Released at 7.24 a.m. in South Korea, the data posted online contained 1,460 e-mail addresses and numbers presumed to be log-in IDs and passwords, according to the report. These are mostly Yahoo and Google accounts, with about 50 of them from major Korean portal sites Naver and Daum.
However, a spokesperson from KEB denied the hacker's claim, stating the data does not match with the details of its clients. "We have a 24-hour security system under constant operation and there was no attempt of a cyber attack," the spokesperson said.