IT security personnel

Nonghyup Bank, or the National Agricultural Cooperative Federation, is changing after taking a major hit from its worst computer network glitch in April. The bank will invest 510 billion won (472 million U.S. dollars) in computer and online security and recruit 40 workers in the first phase of a plan to hire 200 computer security staff. Computer network security loopholes should be amended even after a major accident occurs. The Financial Services Commission is devising a "5-5-7 rule" under which financial institutions and electronic financial businesses must fill 5 percent or more of their staff with IT workers and 5 percent or more of their IT personnel from the information protection sector, and spend 7 percent or more of their IT budget on computer security. Last year, just 2.9 percent of bank`s IT staff engaged in information protection.

IT security has largely remained low priority. The computer security industry, which develops computer virus vaccines and protects systems, was less than lucrative due to the misperception in Korea that “software should be freeware.” When large system integration firms outsourced security control projects, smaller companies began a fierce competition and ended up losing money. In the wake of a string of hacking incidents and personal information leaks, however, industries have changed their perception toward computer security. Ahn Lab, Korea’s largest computer security provider, posted less than 70 billion won (65 million U.S. dollars) in annual sales for years, but will likely exceed 100 billion won (93 million dollars) this year amid a computer security boom.

Human resources in IT are now enjoying better compensation as well. The pay levels of IT professionals have reportedly increased 15 to 30 percent amid the hiring spree in the financial sector and by conglomerates this year. This is a major shift from the situation one or two years ago, when few pursued the field due to low compensation and frequent emergency duty among IT jobs. The Personal Information Protection Act will take effect in Korea on Sept. 30, thus raising the number of companies obliged to assure personal information protection from 500,000 to 3.5 million. This will help the IT security market further expand, and demand for related personnel will surge.

Smaller IT security companies are struggling amid lack of staff and rising labor costs. As a result, certain companies outsource security program development to ethnic Koreans in China and people from North Korea, whose labor costs are low. Others have reportedly been asked by brokers that they can bring in North Korean programmers with fake Chinese passports and hire them in South Korea. North Korea has strategically cultivated IT talent and is now considered ranked No. 5 in the world in cyber warfare capacity. No matter how skilled and talented such North Koreans are, however, South Korea cannot afford to outsource computer security to IT professionals from the North, which is very willing to launch cyber terrorism on the South. Doing so will be no different from leaving South Korea’s national defense in the hands of the North Korean People’s Army.

Editorial Writer Hong Kwon-hee (konihong@donga.com)