Security-First Strategy Unveiled
Strengthening Three-Tier Security Framework: Governance, Prevention, and Response
Comprehensive Package for Voice Phishing and Smishing Response... Utilizing AI
Proposal to Form a Public-Private Council to Combat Everyday Scams
"All Relevant Departments and Agencies in the Private and Public Sectors Must Unite"
LG Uplus will invest approximately 700 billion KRW in security over the next five years. The company unveiled its "Security-First" strategy, which focuses on three core security systems: governance, prevention, and response. It also introduced AI-based countermeasures to prevent voice phishing and smishing. Additionally, LG Uplus proposed the formation of a public-private information security council to prevent customer damage from voice phishing and smishing.
On the morning of July 29, LG Uplus held a security strategy briefing at its headquarters in Yongsan-gu, Seoul, where it announced these plans. Hong Kwanhee, head of the Information Security Center (CISO/CPO, Executive Vice President) at LG Uplus, who presented at the event, stated, "We will continue to realize seamless security through strategic investment and aim to become a telecommunications company that provides security customers can truly feel."
Security investment increased by 30% this year... Information Security Center now reports directly to CEO
Hong Kwanhee, head of LG Uplus Information Security Center, is introducing the Security First strategy at a press briefing held at the LG Uplus headquarters in Yongsan-gu, Seoul on the morning of the 29th. Photo by LG Uplus
LG Uplus has been steadily increasing its security investments and workforce. This year, the company plans to boost its security investment by more than 30%, with an estimated total investment of approximately 700 billion KRW over the next five years.
In July 2023, LG Uplus established the Information Security Center, a dedicated security organization reporting directly to the CEO. Since then, the company has strengthened its security framework around three pillars: security governance, security prevention, and security response. First, "security governance" is being completed with the Information Security Center, which oversees company-wide information protection. As a member of the management committee, Hong participates in major internal decision-making processes, including those concerning security.
The second pillar, "security prevention," involves preparing for cyber threats targeting internal information, such as hacking. Since November last year, LG Uplus has been conducting black box penetration testing, which involves hiring external white-hat hackers to identify vulnerabilities. The company plans to extend these penetration tests through the first half of next year. Hong stated, "Our goal is to minimize the attack surface that can be targeted from outside, so customers can use our services with peace of mind."
To advance the third pillar, "security response," LG Uplus is strengthening its AI-based monitoring system. By 2027, the company aims to establish a "Zero Trust" model tailored to LG Uplus, which means not trusting any access by default and always verifying. The plan is to fully automate abnormal access control and anomaly detection using AI.
Comprehensive package for voice phishing and smishing response... Utilizing AI
LG Uplus announced the launch of the AI agent ixi-O at its headquarters in Yongsan-gu, Seoul, on the 7th. Models are demonstrating the service. Photo by Younghan Heo
On this day, LG Uplus also unveiled a comprehensive package to prevent damage from voice phishing and smishing crimes. The company has established step-by-step countermeasures, including monitoring, crime response, and emergency response, by segmenting the customer service usage process.
First, in the monitoring stage, the AI-based Customer Damage Prevention Analysis System detects voice phishing and smishing threats 24 hours a day, blocks spam messages, and restricts access to malicious links. LG Uplus is the only telecom company in Korea that directly tracks malicious app servers operated by criminal organizations. During the briefing, the company demonstrated how a real voice phishing organization takes control of a smartphone with a malicious app installed.
When a malicious app is installed on a smartphone, it not only blocks all incoming calls but can also manipulate outgoing calls so that those from the criminal organization appear as official numbers of the police or prosecution. Even if the victim tries to report to 112, the call can be rerouted to the criminal group, or the group can secretly activate the camera to determine the victim's location. Hong emphasized, "Once a malicious app is installed, any call can be intercepted by the criminal organization, and real-time eavesdropping via the smartphone's camera and microphone becomes possible. This makes victims vulnerable to voice phishing and causes significant psychological distress. Immediate protection is urgently needed."
LG Uplus directly identifies customers who have accessed malicious app servers through server tracking. The company blocks access to these servers at the network level and notifies the police of related information. In the second quarter, about 23% of all voice phishing cases reported to the police were those where LG Uplus tracked malicious app servers and provided the information to law enforcement.
In the crime response stage, LG Uplus responds in real time to voice phishing and smishing attempts targeting customers. The company enhanced its AI-based spam blocking system, increasing the number of blocked spam messages by 1.4 times in just five months. The AI call agent "IXIO" detects voice phishing and warns customers, and its anti-deep voice feature can distinguish between machine-manipulated and real voices. Since its launch in November last year, IXIO has detected an average of about 2,000 suspected voice phishing calls per month.
In the final "emergency response" stage, immediate action is taken for customers with malicious apps installed. If LG Uplus confirms the installation of a malicious app through server tracking and internal analysis, it immediately sends an alert via KakaoTalk AlimTalk. Since the alert system was introduced on June 30, approximately 3,000 customers have received notifications about malicious app infections.
In the future, LG Uplus plans to train AI on the actual call patterns of criminal organizations so that police and other authorities can provide immediate protection to customers at high risk of victimization.
"This can't be solved by us alone"... Proposal for a public-private council to eradicate scams targeting everyday life
At the briefing, LG Uplus proposed forming a public-private information security council to address the growing social problem of scams targeting everyday life.
LG Uplus was the first in the industry to establish an on-site cooperation system with the Seoul Metropolitan Police Agency. The company accompanies police to visit customers at risk and detects malicious apps on their smartphones. In addition, LG Uplus is collaborating with the National Police Agency, Ministry of Science and ICT, Korea Communications Commission, Personal Information Protection Commission, and National Forensic Service to enhance security.
However, LG Uplus believes that all telecom companies, device manufacturers, financial institutions, and relevant departments and agencies in both the private and public sectors must unite to form a joint front. Hong stated, "This is an issue that requires the efforts of all stakeholders, not just LG Uplus. Let's meet regularly, share countermeasures, and work together so that everyone can live safely."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
