my timesThe Korea Times

Banks unaware of data outsourcing risks

Listen

By Kim Tong-hyung

Korea, a country fascinated with e-this and e-that, touts itself as the planet’s information technology (IT) capital. But the self-awarded title is beginning to look ironic as the ineptitude of banks and other financial companies in cyber security has customers wondering whether their money will be safer in a shoebox.

The alarm over information protection has been growing after the financial sector was rocked by a series of network-related incidents that exposed financial companies’ vulnerability to cyber criminals and their lax approach to data management.

A massive security breach at Hyundai Capital, the consumer finance unit of auto giant Hyundai-Kia Automotives, compromised the data of more than 420,000 customers, including 13,000, who had their passwords stolen.

And many of the 30 million customers of NH Bank, the financial services unit of the National Agricultural Cooperative Federation, or Nonghyup, were prevented from online and automated teller machine (ATM) transactions for more than four days after the company’s computer network crashed.

Security experts question whether banks are as serious about information security as they are about protecting their real-world safes, as the recent incidents indicated that the companies weren’t fully aware of the risks when they decided to outsource data management.

The lack of investment in in-house security personnel shows that the managers and banks and other financial providers are reluctant to deal with intangibles until they deliver a hammer blow to the back of the head.

``Many large Korean firms are outsourcing their information technology (IT)-related functions, but lack efforts to hire and train sufficient in-house security staff,’’ said a spokesman from Symantec, a computer security firm.

``Although the country’s universities and research institutions have been training and producing quality talent for the technology sector, the dearth of brainpower has been evident in the less glamorous area of computer security. Banks and government institutions like the Financial Supervisory Service, the Bank of Korea (BOK) and the National Intelligence Service (NIS) have to collaborate to build better systems for network security,’’ said another technology industry person.

Some critics raise concern that the security breach at Hyundai Capital could actually have been much worse. Currently, all electronic transactions from banks and other financial institutions go through a central network operated by state-run Korea Financial Telecommunications and Clearing Institute.

Although this massive, inter-connected network provided the economy of scale and efficiency that allowed electronic financial services to grow rapidly here, some cyber experts raise the possibility of a whole system being disrupted by a hacker who manage to crack it.