[Interview] "LG Uplus Aims to Be No.1 in Security... Public-Private Cooperation Is Key"

"Although LG Uplus is the third-largest player in the mobile telecommunications market, my goal is for us to become number one in security. I want our company to be the benchmark for security that others try to emulate."

Hong Kwanhee, Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), Executive Vice President of LG Uplus, shared this goal as a security leader during an interview with Asia Economy at the LG Uplus Magok headquarters in Gangseo-gu, Seoul, on August 20.

Hong Kwanhee, Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), Executive Vice President of LG Uplus, is being interviewed by Asia Economy on the 20th at the LG Uplus Magok building in Gangseo-gu, Seoul. Photo by LG Uplus

Hong is a security expert with extensive experience in information protection and security. He previously served as Head of Information Security at Nexon and held the CISO position at Samsung Card and Coupang. He joined LG Uplus in July 2023, where he now leads overall privacy protection and security.

Upon joining LG Uplus, Hong began by strengthening the security organization. "I started by establishing security governance," he said. "I personally participate in weekly management meetings led by the CEO and in basic check meetings (on security, quality, and safety). Even if a management meeting is canceled, the safety check meeting is still held every week," he explained.

Recently, LG Uplus won the Grand Prize-the highest honor-at the Information Security Awards hosted by the Ministry of Science and ICT and organized by the Korea Information Security Industry Association (KISIA). This year marks the 24th edition of the awards, and only two companies, including LG Uplus, received the Grand Prize. Among telecommunications companies, LG Uplus was the only recipient.

The reason LG Uplus has reinforced its security organization is due to the painful lesson of a data breach incident. Around January 2023, about two years ago, a hacking incident led to the leakage of approximately 300,000 customer records onto illegal trading sites such as the dark web. Hong joined LG Uplus not long after this security incident. Following his arrival, the CISO organization was placed directly under the CEO.

Learning from this, LG Uplus has been increasing its security-related investments every year. Before the incident, annual security investments ranged from KRW 20 billion to 40 billion, but last year, this amount rose to about KRW 80 billion, and this year, it is expected to increase to KRW 120 billion. Over the next five years, LG Uplus plans to invest KRW 700 billion in information security. Hong emphasized, "What matters in security is not the investment amount, but how well the investment is used and how thoroughly it is managed. It is also crucial to ensure that security equipment is kept up to date with cyberattack trends and that security personnel have the necessary capabilities."

Hong Kwanhee, Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), Executive Vice President of LG Uplus, is being interviewed by Asia Economy on the 20th at the LG Uplus Magok building in Gangseo-gu, Seoul. Photo by LG Uplus

In the field of security, LG Uplus has recently focused its capabilities on combating voice phishing and spam messages. Hong explained, "With our AI agent 'IXIO,' about 2,000 cases of voice phishing are detected in real time each month. In addition, our notification service about malicious app infections, sent to customers who have installed malicious apps, was delivered to about 4,500 people last month."

The problem of voice phishing cannot be solved by the efforts of a single telecom provider. This is why, at the end of last month, Hong proposed the formation of a public-private joint information security council at a press conference. "Recently, at a meeting with Minister Bae Kyunghoon of the Ministry of Science and ICT and representatives from telecom companies, the minister suggested forming a council at the government level. I believe it will be established soon," Hong said. "If there is a system that allows real-time sharing of attack patterns coming into telecom companies and those identified by the government, it will make response and prevention of further damage much easier," he emphasized.

Training to prevent hacking incidents is also conducted regularly. In addition to a major data breach at another telecom company earlier this year, ransomware incidents have also become more frequent recently. LG Uplus is strengthening its threat response capabilities through training that simulates real hacking attacks. "Looking at recent cases, I realized that such incidents could happen to us at any time," Hong said. "We conducted a simulated personal data leakage drill last April, and we plan to carry out more training in the second half of this year or next year."

For mobile service users, Hong recommended security practices such as not clicking on suspicious message links, managing passwords, and protecting authentication information. "You should always be suspicious of voice phishing messages. We conducted a smishing drill for our employees using malicious messages disguised as funeral notices, and surprisingly many were deceived," Hong said. "For authentication information, instead of using the same password everywhere, I recommend using solutions that automatically generate and store stronger, encrypted passwords."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.