[2026 Financial Forum] Sangwon Park, President of the Financial Security Institute: "In the Post-Network Separation Era, Financial Institutions Must Build Autonomous Security Systems"
AX Accelerates: Moving Beyond Passive, Regulation-Driven Network Segmentation Security
Countering AI Hacking with AI... Embedding 'Zero Trust'
Clear Limits to Preemptive Blocking... Focusing on Rapid Recovery and 'Operational Resilience'
Sangwon Park, President of the Financial Security Institute, emphasized the need to proactively prepare for the "post-network-segmentation era" in response to changes in the financial security environment brought about by the spread of artificial intelligence (AI). He argued that financial institutions should move away from a security system reliant on government regulations and mandatory network segmentation, and instead, take the initiative to invest in security and establish autonomous security frameworks.
Sangwon Park, President of the Financial Security Institute, is giving a lecture on "A Major Transformation in Financial Security: AI Hacking Threats and Financial Security Resilience" at the 2026 Asian Financial Forum held on the 21st at the Westin Chosun Seoul in Jung-gu, Seoul, under the theme "The Great Transformation of Future Finance: The Era of Productive Capital and the New Financial Order." Photo by Hyunmin Kim
View original imageOn May 21, at the 2026 Asian Financial Forum held at The Westin Chosun Seoul in Jung-gu, Seoul, under the theme "The Great Transformation of Future Finance: The Era of Productive Capital and the New Financial Order," President Park pointed out the limitations of a regulation-centered security system amid the rapidly changing financial environment, including AI hacking and the proliferation of digital assets.
During his lecture titled "A Major Transformation in Financial Security: AI Hacking Threats and Financial Security Resilience," Park stated, "Regulation-centered security policies, such as network segmentation, have served as a shield for the financial sector over the past decade, but are now reaching their limits." He emphasized that as the shift from digital transformation (DX) to AI transformation (AX) accelerates, the financial security framework must be fundamentally restructured. Network segmentation regulations mandate the separation of internal business networks and external internet networks within financial institutions, preventing external hacking or malware from infiltrating core financial systems.
Transitioning from Reliance on Network Segmentation to an Autonomous Security Investment System
President Park pointed out that domestic financial security has so far depended on government-led regulations and mandatory network segmentation, and as a result, has not sufficiently achieved autonomous security investment or the establishment of advanced security systems. After a large-scale incident in 2013 in which the banking sector's computer networks were paralyzed, the obligation for network segmentation was introduced for financial institutions. Although there has since been a gradual easing of regulations—allowing the use of cloud services, exceptions for remote work, permitting research and development networks, and the introduction of Software as a Service (SaaS)—financial institutions have generally remained focused on regulatory compliance and have been passive in making security investments.
Park stated, "Financial institutions have until now maintained their security systems solely by relying on regulations, but the current structure, where AI is only used in a limited manner on isolated networks, has clear limitations for developing sophisticated future financial services. We must proactively prepare for the post-network-segmentation era," he urged.
Financial authorities are also in the process of easing network segmentation regulations. Park noted, "Authorities are gradually relaxing regulations for companies with robust security postures, and in the future, it appears that the regulations may be abolished entirely for capable companies." He further emphasized, "It is now time for financial institutions to autonomously establish, assess, and improve security systems tailored to their own environments," highlighting the need for companies to proactively expand their security investments.
Sangwon Park, President of the Financial Security Institute, is giving a lecture titled "The Great Transformation of Financial Security: AI Hacking Threats and Financial Security Resilience" at the 2026 Asian Financial Forum held on the 21st at The Westin Chosun Seoul in Jung-gu, Seoul, with the theme "Future Finance Great Transformation: The Era of Productive Capital and a New Financial Order." Photo by Hyunmin Kim.
View original imageEvolving Hacking Threats in the AX Era... Embedding 'Zero Trust' Is Essential
The proliferation of AI and digital assets is rapidly heightening cyber threats faced by the financial sector. Park explained, "AI-powered hacking dramatically accelerates vulnerability discovery and penetration. Even non-experts can now exploit generative AI tools to launch attacks easily." He noted that threats such as ransomware, system paralysis attacks, AI hallucinations, prompt injection attacks, and third-party risks are emerging, representing a fundamentally different threat landscape compared to traditional server-based security models.
Park emphasized, "As AI is leveraged as an attack tool, the defense front must also actively adopt AI security solutions." He identified the following as key tasks for the post-network-segmentation era: transitioning to autonomous security systems; embedding security from the design stage (Security by Design); establishing internal controls based on Zero Trust (a system where even internal networks are not automatically trusted and are subject to verification each time); fostering an organization-wide security culture; managing third-party security; and strengthening operational resilience.
He especially highlighted the need to embed security from the initial adoption stage of new technologies, stating, "Even if information leaks occur at external touchpoints such as agents or outsourcing companies, the ultimate responsibility falls on the financial institution. Therefore, managing 'third-party risk' across the entire supply chain is essential."
Complete Post-Incident Blockage Is Impossible... Securing 'Operational Resilience' Is Key
Additionally, Park asserted that it is nearly impossible to completely prevent security incidents, and that the focus should be on securing 'operational resilience' to quickly restore services after an incident occurs. This is because there are clear limitations to blocking the attacks of highly sophisticated international hacking organizations 100% in advance.
Hot Picks Today
"Samsung Electronics Employee with 100 Million Won Salary Receiving 600 Million Won Bonus... Estimated Tax Revealed"
- "Only Two Per Person" Garbage Bag Crisis Was Just Yesterday... Japan Also Faces Shortage Anxiety
- Lived as Family for Over 30 Years... Daughter-in-Law Cast Aside After Husband's Death
- Profiler Kwon Il-yong Demands Deletion of Fake News Using His Name in 'Juwangsan Disappearance Case'
- "Wore It Once, Then This? White Spots All Over 4.15 Million Won Prada Jacket... 'Full Refund Ordered'"
He stressed the need to establish effective backup systems, conduct repeated response drills, and implement immediate reporting and notification mechanisms to ensure that financial services can continue without interruption even if an incident occurs. Park stated, "To confront increasingly advanced threats, it is essential to strengthen cooperation between the financial sector and specialized institutions. The Financial Security Institute will faithfully fulfill its role as the core hub for detecting and responding to cyber risks in the financial sector," he affirmed.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
