Financial authorities will strengthen security checks in the financial sector to prevent a recurrence of the SGI Seoul Guarantee incident, which experienced computer system disruptions due to a ransomware hacking attack.
On the 30th, the Financial Services Commission held a meeting to discuss measures for preventing hacking incidents, titled 'Meeting on the readiness to respond to cybersecurity incidents in the financial sector and financial public institutions.'
At the meeting, SGI Seoul Guarantee explained the progress and response status of the ransomware incident, emphasizing that all servers have now been restored and customer services have returned to normal. SGI Seoul Guarantee noted, "A thorough investigation into the cause of the incident is underway," and said, "We are implementing additional measures across our security management system, including managing external access infrastructure."
Financial authorities have instructed the entire financial sector to conduct self-checks to ensure that such incidents do not reoccur. Based on these results, the Financial Supervisory Service (FSS) will conduct on-site inspections and examinations starting in September. The FSS plans to focus on checking the response system to ransomware and the status of backups for recovery in the event of computer system failures.
Starting in September, the FSS, in collaboration with the Financial Security Institute, will conduct blind simulated hacking tests across the entire financial sector. Through simulated hacking, they will confirm whether each financial institution's defense systems are functioning properly and identify areas for improvement, in order to support financial institutions in strengthening their security measures.
They also decided to review measures for institutional improvements. ▲ Imposing penalty surcharges in the event of significant security incidents due to inadequate security systems ▲ Strengthening the authority of Chief Information Security Officers (CISOs) ▲ Promoting the establishment of an 'integrated control system' to systematically manage and disseminate threat information related to cybersecurity in the financial sector. In addition, they have also required the establishment of manuals for strengthening security disclosures of financial institutions and consumer damage compensation.
The director of digital finance policy at the Financial Services Commission said, "As seen in the SGI Seoul Guarantee case, even a small security mistake in financial institutions can lead to enormous consumer inconvenience that spirals out of control," and emphasized, "Since this is related to financial reliability, we must check and supplement security measures to the extent that it may seem excessive."