LG Uplus to Invest 700 Billion Won in Security Over Five Years... Proposes Public-Private Council (Comprehensive)

LG Uplus will invest approximately 700 billion won in security over the next five years. The company unveiled its "Security First" strategy, which centers on three main pillars: governance, prevention, and response. It also introduced AI-based countermeasures to prevent voice phishing and smishing. LG Uplus further proposed the establishment of a public-private information security council to prevent customer damage caused by voice phishing and smishing.

On the morning of July 29, LG Uplus held a security strategy briefing at its headquarters in Yongsan-gu, Seoul, where it announced these plans. Kwanhee Hong, Head of the Information Security Center (CISO/CPO, Executive Vice President) at LG Uplus, who presented at the event, stated, "We will continue to realize robust security through strategic investment and aim to become a telecommunications company that provides security customers can truly experience."

Hong Kwanhee, Head of Information Security Center at LG Uplus, is introducing the Security First strategy at a press conference held at the LG Uplus headquarters in Yongsan-gu, Seoul, on the morning of the 29th. Provided by LG Uplus

LG Uplus has been continuously increasing its security investments and workforce. This year, the company plans to increase its security investment by more than 30%, with total investments over the next five years expected to reach approximately 700 billion won. Hong explained, "We expect to invest around 120 to 130 billion won in security this year," adding, "This means we plan to invest at least 120 to 150 billion won in security annually for the next five years."

In July 2023, LG Uplus established the Information Security Center, a security-dedicated organization reporting directly to the CEO. Since then, the company has strengthened its security framework around three pillars: security governance, security prevention, and security response. First, "security governance" is in its completion phase, centered on the Information Security Center, which oversees company-wide information protection. As a member of the management committee, Hong participates in major internal decision-making processes, including those related to security.

To enhance security prevention, LG Uplus has been conducting black box penetration testing since November last year. This involves hiring external white-hat hacker groups to identify vulnerabilities. The company will extend this penetration testing until the first half of next year. Hong stated, "Our goal is to minimize attack surfaces that could be targeted externally so that customers can use our services with peace of mind."

For advanced security response, LG Uplus is strengthening its AI-based monitoring system. By 2027, the company plans to establish a "Zero Trust" model tailored to LG Uplus, which does not trust any access by default and always performs verification. Using AI, the company will automate abnormal access control and detection of suspicious activities.

Hong Kwanhee, head of the Information Security Center at LG Uplus, demonstrates the process of voice phishing carried out through smartphones installed with malicious apps during a press briefing held at the LG Uplus headquarters in Yongsan-gu, Seoul, on the morning of the 29th. Photo by LG Uplus

On this day, LG Uplus also introduced a comprehensive package to prevent damage from voice phishing and smishing crimes. The company has developed step-by-step countermeasures, including monitoring, crime response, and emergency response, by segmenting the customer service usage process.

In the monitoring phase, the AI-based Customer Damage Prevention Analysis System detects voice phishing and smishing threats, blocks spam messages, and prevents access to malicious links. LG Uplus is the only telecom company in Korea that directly tracks malicious app servers operated by criminal organizations.

During the briefing, Hong demonstrated how an actual voice phishing organization takes control of a smartphone infected with a malicious app. He showed how a program controlling a compromised smartphone could access the camera feed in real time or arbitrarily change the caller ID of incoming calls. He also demonstrated how, even if a victim tries to call the police, the app intercepts the call and connects it to the voice phishing organization instead.

Hong emphasized, "Once a malicious app is installed, any call made can be intercepted by the criminal organization, and real-time wiretapping via the smartphone's camera and microphone becomes possible, making victims more vulnerable to voice phishing and psychologically distressed. Immediate protection is urgently needed."

LG Uplus directly identifies customers who have accessed these malicious app servers through its tracking. For already analyzed malicious apps, the company blocks server access directly on its network and shares related information with the police.

In the crime response phase, LG Uplus responds in real time to voice phishing and smishing attempts targeting its customers. By enhancing its AI-based spam blocking system, the company increased the number of blocked spam messages containing malicious links by 1.4 times in just five months. The AI call agent "IXIO" detects voice phishing and warns customers, and its anti-deep voice feature can distinguish even machine-manipulated voices.

In the final "emergency response" phase, immediate action is taken for customers with malicious apps installed. If internal analysis confirms a customer's device is infected, LG Uplus sends a KakaoTalk AlimTalk notification immediately. Since the introduction of the malicious app infection notification on June 30, about 3,000 customers have received these alerts.

At the briefing, Hong proposed forming a public-private information security council to address livelihood-related fraud crimes, which have become a social issue. He stressed that, rather than responding as a single telecom operator, all telecom companies, device manufacturers, financial institutions, and relevant public and private sector departments and agencies must work together.

He stated, "I believe this is an issue that requires the efforts of all parties, not just LG Uplus," and suggested, "Let's meet regularly and share countermeasures so that every citizen can lead a safe life."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.