Security SW 'Shutdown' Shock: Is the Financial Sector's Digital Fortress Collapsing? Hidden Tinderbox Amidst 'Network Separation' Chaos

Security SW 'Shutdown' Shock: Is the Financial Sector's Digital Fortress Collapsing? Hidden Tinderbox Amidst 'Network Separation' Chaos

[Background]

The South Korean financial sector has long been heavily reliant on installed security software (SW), represented by 'ActiveX.' This was a temporary solution to practical problems such as insufficient security technology and lack of user convenience in the early 2000s when internet banking was just emerging. At the time, web standard technologies were not mature, and there were difficulties in considering various browser environments. ActiveX was like a 'magic key' that could solve these problems relatively easily. However, over time, ActiveX became a hotbed of security vulnerabilities and a major culprit in hindering user experience. The government recognized these problems and promoted the phasing out of ActiveX from the 2010s, but the financial sector has avoided change by hiding behind another outdated defense called 'network separation.' Network separation is a method of preventing hacking by physically separating the internal computer network from the external network, but the closed environment has hindered the introduction of the latest security technologies and the construction of flexible systems. As a result, the financial sector has lagged behind in digital innovation, complacent in an outdated security environment.

[Current Situation]

As of March 30, 2026, local time, the South Korean financial sector has entered a state of high alert due to the government's sudden directive to 'suspend the use of installed security SW.' This is part of the 'Plan to Accelerate Financial Digital Transformation and Strengthen Cybersecurity' announced by the Financial Services Commission, expressing a strong commitment to completely phasing out устаревший ActiveX-based security systems and transitioning to an open security environment based on web standards. In particular, this measure was announced as an ultra-strong move with 'immediate implementation,' adding to the confusion of financial institutions. Financial institutions in Yeouido have convened emergency meetings to focus on finding alternatives to installed security SW under the network separation environment. However, the network separation environment itself makes it difficult to introduce web standard technologies, and they are unable to find a clear solution. Some are considering building a cloud-based virtual desktop environment (VDI), but are facing difficulties in introducing it due to huge initial investment costs and security stability issues. In addition, financial common network systems such as the Korea Financial Telecommunications and Clearings Institute are also dependent on installed security SW, so a review of the entire system is expected to be inevitable. According to current estimates, the average security system transition cost for major domestic banks is estimated to be at least 50 billion won to a maximum of 100 billion won, and concerns are being raised that small and medium-sized financial institutions may face a threat to their survival.

[Multi-faceted Analysis]

The government's measure is a strong message urging fundamental changes in the financial security system. However, the financial sector's lack of preparation and excessive reliance on the outdated system of network separation are causing unexpected confusion. According to an analysis by market research firm 'Tech&Biz,' more than 70% of domestic financial institutions still operate устаревший ActiveX-based security systems under a network separation environment, and less than 10% have transitioned to an open security environment based on web standards. This is a prime example of how slow the financial sector's digital transformation efforts are. Socially, this situation may amplify the anxiety of financial consumers. In particular, security concerns about non-face-to-face financial transactions such as internet banking and mobile banking may increase, leading to a reluctance to use financial services. Politically, critical voices may rise against the government's strong stance. Along with criticism that the policy was unilaterally promoted without considering the financial sector's preparedness, concerns may be raised that it will increase the burden on financial institutions and lead to instability in the financial market. Experts point out that this situation calls for a review of the entire financial security system and an urgent move away from the network separation environment to build a flexible and secure security system based on the cloud. In addition, they emphasize that financial institutions should expand security investments, strengthen their ability to respond to cyber attacks, and make active efforts to alleviate the anxiety of financial consumers.

[Future Prospects]

In the future, the financial sector is expected to overcome the chaos caused by the phasing out of installed security SW and make bold investments to transition to an open security environment based on web standards. In particular, the construction of a cloud-based virtual desktop environment (VDI) and the introduction of biometric authentication technology are expected to accelerate. However, since the network separation environment inevitably restricts the introduction of these technologies, a review of the network separation policy itself seems inevitable. In addition, financial common network systems such as the Korea Financial Telecommunications and Clearings Institute are also expected to transition to web standards, and financial institutions should make efforts to minimize security vulnerabilities that may occur during the security system transition process. Financial consumers can look forward to using safer and more convenient financial services in the future, but may have to endure temporary inconveniences that may occur during the security system transition process. The key point to note is whether financial institutions can efficiently manage costs and ensure security stability during the security system transition process. In addition, the government should prepare support policies to reduce the burden on financial institutions and expand investments to train financial security experts. Ultimately, this situation will be an important turning point in determining the future of South Korea's financial security system.