SEOUL, Korea, Mar 25 (Korea Bizwire) – As a series of online security incidents including the weeks of paralysis of Nonghyup in 2011 and the cyber-attack on March 20, 2013 have broken out, some banks are on a mission to recruit white hackers.
KB Kookmin Bank has recently hired a new cyber security specialist who happens to be a white hacker. A KB Kookmin Bank executive said, “The person who knows the best about how a hacker’s mind works is another hacker.” The executive explained that a white hacker can detect the weak spots in the Intranet so that the in-house network experts can come up with solutions.
It has been two years since Industrial Bank of Korea employed a white hacker who had won an award in a hacking competition. An IBK official said, “We get even the pre-tested security systems and the systems already installed tested by simulating hacker attacks to ensure security.” By recruiting white hackers, a company can not only find the weakness in the system but also determine the attacking patterns of hackers and be better prepared.
However, the extreme measure of stopping a hacker by another hacker is still causing a huge dilemma of whether a hacker can be trusted in the financial world. Since a simple misjudgment of character can lead to another nationwide financial fiasco, the recruiters are being extra careful.
A bank CIO remarked, “Although various aptitude tests and interviews are held prior to hiring a new security specialist, we are still worried about the worst-case scenario of setting the fox to keep the geese.”
For such a reason, a major bank has given up on recruiting white hackers for two years in a row. Even the banks which have employed top-notch white hackers do not want it to be known as they can be easily targeted by other hackers.
Some banks choose to work with security companies instead of hiring white hackers individually. With or without the involvement of white hackers, there is no doubt that cyber security is every Korean bank’s first priority at this moment.
Written by Robin Koo (firstname.lastname@example.org)