The financial authorities plan to discuss the 'improvement measures for network separation,' which centers on the self-security of financial firms, again. With the computer paralysis incident of SGI Seoul Guarantee having been resolved after four days, this movement is interpreted as an attempt to redefine the detailed direction of security measures for financial firms. There are also calls to reorganize regulatory measures to ensure financial firms are thoroughly prepared for cyberattacks.
According to the financial industry on the 17th, the financial authorities intend to discuss again the details of the 'roadmap for improving network separation in the financial sector' announced last August. A representative from the financial authorities noted, 'While the broad direction of self-security will be maintained, the Financial Services Commission and the Financial Supervisory Service will discuss whether additional aspects are needed in the financial firms' network separation improvement roadmap, and related research will be conducted.'
The core of the 'roadmap for improving network separation in the financial sector' is to allow each financial firm to autonomously establish and operate its security system. Previously, financial firms were required to use network security techniques that separate internal and external networks to protect internal computer operations from external intrusions. This was a measure established after the large-scale computer incident that occurred in the financial sector in 2013.
However, network separation has hindered the provision of user services based on new technologies such as generative artificial intelligence (AI). For this reason, the Financial Services Commission has decided to gradually ease the network separation system to allow financial firms to utilize generative AI and expand the scope of cloud program usage. While granting autonomy over security, the responsibilities after the fact will be strengthened.
Regulations related to financial firms' information technology (IT) security personnel and budget allocation have also disappeared. Under the Electronic Financial Supervisory Regulations, since 2011, financial firms were required to secure at least 5% of their total personnel as IT personnel, and to maintain at least 5% of security personnel within the total IT personnel. They also had to allocate more than 7% of their total IT budget for security, known as the '5-5-7 standard.' This '5-5-7 standard' was rendered void in 2020, so financial firms are no longer required to comply with it.
However, experts advise that security measures need to be reorganized to strengthen proactive preparedness. This is due to the increasing scale of user damage caused by recent hacking incidents targeting major corporations such as SK Telecom and YES24.
Professor Yeom Heung-yeol of the Information Security Department at Soonchunhyang University stated, 'The ransomware that caused the computer paralysis incident at SGI Seoul Guarantee is a fatal cyberattack that immobilizes the corporation's operations.' He added, 'In order to reduce the probability of damage, it is necessary to reorganize security measures to enhance both proactive and reactive responses.'
Earlier, on the 14th, the system failure at SGI Seoul Guarantee caused some subscribers to be unable to execute jeonse loans, resulting in damages such as delayed moves. SGI Seoul Guarantee, along with the Korea Housing & Urban Guarantee Corporation (HUG) and the Korea Housing Finance Corporation (HF), is one of the top three guarantee institutions for jeonse loans, holding approximately 25% market share in the domestic jeonse loan guarantee market.
On that day, SGI Seoul Guarantee completed the recovery of its core computer system four days after the incident occurred and resumed major services such as jeonse guarantee insurance from the morning. However, the internal support system used by employees is still undergoing recovery work.