The three internet-only banks — KakaoBank, Kbank, and Toss Bank — will add security staff in the second half of this year. With cyberattacks on financial firms continuing and regulators launching inspections, the banks appear to be moving to strengthen their security systems.
As of the 17th, according to the internet-only banking industry, Toss Bank plans to hire seven people in the security area in the second half of this year, an increase from previous years. Toss Bank hired four people last year and six people in 2023. A Toss Bank official said, "We pursue a technology-centered security strategy and are making preemptive investments to build a multilayered defense system."
KakaoBank recently began a recruitment process for an "information security technology manager," seeking double-digit talent in areas such as "penetration testing," "system security," and "network security." A KakaoBank official said, "This year, instead of direct hiring, we plan to expand the number of developers on a larger scale than in previous years by participating in Kakao group-wide open recruitment."
Kbank will soon proceed with rolling recruitment focused on experienced hires for security positions. It also decided to expand investment in the latest security systems while strengthening cooperation with information security specialists.
These moves by the three internet-only banks are a preemptive response to the ongoing hacking incidents targeting financial firms. Lotte Card suffered a breach on the 14th of last month that leaked internal files, but it only recognized the incident on the 26th — 12 days later — during a server synchronization process. The total leaked volume was 1.7GB (gigabytes), and payment-related information was reportedly included. In July, SGI Seoul Guarantee was hit by a ransomware attack, which paralyzed core IT operations — including mortgage loan guarantees — for 14 to 17 days.
Financial authorities are also strengthening countermeasures. Starting this month, the Financial Supervisory Service and the Financial Security Institute are conducting "blind penetration testing drills" using white-hat hackers across the entire financial sector and are conducting unannounced inspections of financial companies' hacking detection and defense systems. They also decided to push for a plan to impose a "punitive penalty surcharge" of up to 20 billion won if a serious incident occurs due to inadequate security systems.