Since Internet banking services were introduced in 1998, new cyber financial services such as Internet banking, cyber securities and online shopping have developed remarkably in Korea. Owing to such rapid development, the percentage of total transactions that are not face-to-face transactions such as Internet banking, CD/ATM usage, telebanking and mobile banking rose sharply. The percentage among banking and securities transactions reached 82 percent and 77 percent, respectively, at the end of 2008. In keeping with the development of information communication technology, cyber transactions through the Internet and mobile mediums are expected to increase steadily in the future.
Cyber-terrorism Threat Expected to Increase
As cyber transactions increase, the cyber-terrorism threat also rises. For instance, financial services are blocked by DDoS attack, deposits are withdrawn wrongfully and individual credit information is leaked. The possibility of various cyber risks occurring in the financial sector also exists. Since financial companies' investments in the cyber security sector has reduced owing to worsened managerial conditions in the wake of last year's financial crisis, the capability to cope with a cyber-terrorism threat is expected to weaken further. This is a reality.
The Financial Supervisory Service (FSS) is exerting pressure along with financial companies to keep security and safety in the financial sector by improving financial companies' capabilities to cope with cyber-terrorism threats in the financial sector.
Efforts for Security and Safety
Firstly, the FSS plans to guide financial companies to help them strengthen institutional and technical capabilities to prevent the outflow of customers' financial information and cope with cyber-terrorism threats such as hacking. In particular, seven domestic financial companies were major targets of the DDoS attack in July this year. The financial sector in general successfully coped with the attack because of a system to detect and intercept DDoS attacks which was built in advance owing to the FSS prior recommendation.
However, the FSS plans to announce comprehensive countermeasures after reflecting on problems that occurred in the countering process and policy recommendations to the steps. The FSS also plans to actively utilize the Electronic Financial Accident Response System (EFARS), which was built for financial companies to swiftly cope with cyber-terrorism threats by sharing information in real time. Financial companies are expected to swiftly cope with the threat by using this system.
To enhance financial companies' own risk management capability in the cyber security sector, the FSS is also considering institutional means such as the introduction of a Chief Security Officer (CSO) system, introduction of a detection interception system to cope with DDoS attacks, and fostering of security experts.
The FSS is also moving to create a cooperative system with domestic and foreign institutions to effectively cope with financial cyber-terrorism threats. Financial supervisory authorities, financial companies, information protection professional institutions and communication companies need to strengthen cooperative systems and share various technologies and information to cope with the threat between financial companies. They also should prepare a pan-financial association to jointly cope with the threat by regularly holding emergency countermeasure training to cope with cyber-terrorism threats. Along with this, it plans to build an international cooperative system against cyber-terrorism threats in order to share countermeasure experiences by participating in the IT Supervisors Group. This Group already includes financial supervisory organizations of major countries including the US, Great Britain, and Japan.
Third, the technical capability for companies to cope with cyber-terrorism threats should be enhanced. The FSS will check and appraise small and medium-sized financial companies' vulnerabilities to the cyber-terrorism threat. The FSS will guide these companies, like securities companies, savings banks and credit unions, and prepare technical alternatives for them. For financial companies offering cyber financial services, they should enhance the efficiency of a Disaster Recovery Center. Through this, we can build environments persistently offering financial services in any disaster situation, including cyber terrorism.
Fourth, financial companies should establish contingency plans in preparation for cyber-terrorism and carry out crisis management training. The FSS will guide some financial companies with insufficient emergency response systems to supplement their own contingency plans, including emergency response manuals, and guide each financial company to hold regular training to cope with emergency cases according to their contingency plans.
Fifth, efforts to promote customer security consciousness about cyber-security are necessary. The key cause of most recent cyber financial incidents are attributable to exposure or outflow of secret customer information on Internet transactions. This information includes account passwords, official certification passwords, and security cards. Attackers get a hold of this information because of negligent management on the part of the customer. Considering this, the FSS has carried out a Pan-financial Circles Customer Information Protection Campaign since July 1 in which some 230 institutions, including financial companies and financial information protection professional institutions, are jointly participating. The campaign will continue until the end of the year. It is hoped that this campaign will enhance the cyber security consciousness of financial services customers and will offer financial companies and their customers a chance to jointly cope with the threat.
Convenient, Reliable Cyber Financing
The reason behind the rapid development of Korea's electronic financial services is the offering of convenient and reliable cyber financial services by financial companies that understood customer demands exactly. To provide customers with confidence and convenience, supervisory authorities, financial companies and customers should make best efforts to develop convenient services using information technology to perfectly cope with malicious cyber-terrorism, including hacking.
