The hacking incident at SK Telecom has caused national shock, with repercussions spreading to the security company SK shieldus. In particular, the sudden resignation of Hong Won-pyo, who led SK shieldus, on the 30th of last month, has led to various interpretations regarding the background. While some suspect a 'correlation' given that it involved the departure of a corporate head responsible for SK Telecom's cybersecurity work, the company stated, 'It's unrelated, just a matter of timing.'
According to the security industry on the 9th, SK shieldus provides information security services to the entire SK Group, including SK Telecom, and has made cybersecurity monitoring a core business. For this reason, interest is growing regarding SK shieldus's range of response and role in this incident related to the breach of the USIM authentication system.
SK shieldus is the second-largest physical security provider in the country and the leading cybersecurity company. It was reborn as a converged security company that encompasses both information and physical security after the merger of the unmanned security company ADT caps and the information security company SK infosec in 2021.
In 2023, 100% of the equity of SK shieldus was transferred to a special purpose company (SPC) 'Korea Security Holdings,' jointly established by SK Square and Swedish private equity firm EQT Partners. Within this company, EQT holds 68% of the equity while SK Square holds 32%, and the actual management rights are exercised by EQT. Under this governance structure, SK shieldus has distanced itself from the incident.
Although there were no direct responsibilities, some in the industry interpret that the timing of former Vice Chairman Hong's resignation reflects a moral burden. According to SK shieldus, Hong's term was set to end at the end of July, and the internal guideline required notification of reappointment by the end of April.
According to the information protection disclosure, as of 2023, SK Telecom had 46.4 internal personnel and 176 external personnel dedicated to its information protection sector. It is reported that 80 to 100 of the external personnel were composed of SK shieldus personnel.
Even though there may be no direct responsibility, some interpret that the resignation of former Vice Chairman Hong reflects a moral burden regarding the timing. According to SK shieldus, Hong's term was supposed to last until the end of July, and the internal guidelines stated that the notification of reappointment should occur by the end of April.
Former Vice Chairman Hong is an IT expert who previously served as the representative of Samsung SDS, head of global marketing at Samsung Electronics, and head of KT's mobile internet business division. In August 2023, he was appointed as the representative of SK shieldus, leading the strengthening of converged security and the expansion of global business.
A representative of SK shieldus noted, 'The decision to retire was made according to regular internal schedules and has no relation to the recent SK Telecom incident,' adding, 'Former Vice Chairman Hong wanted to recharge for personal reasons, and the internal management respected his wishes.'
Currently, SK shieldus is transitioning to a board management system and is in the process of selecting a successor. The next representative is tasked with strengthening security governance within SK Group, a key client.
Chey Tae-won, chairman of SK Group, defined the recent incident as 'a matter of security, not just hacking,' bowing his head in acknowledgment. On the 7th, he stated, 'We will conduct a comprehensive review of the security system across the group,' announcing plans to establish an 'Information Protection Innovation Committee' involving external experts. Amid these movements, the role and responsibilities of SK shieldus are expected to become more significant.
A security industry official commented, 'This incident is unprecedented, as the authentication system of a telecommunication service provider was breached. It is a crucial moment that necessitates a review of the overall responsibility and response system at the SK Group level,' adding, 'While SK shieldus may not bear direct responsibility, its image as a leading security corporation is bound to be affected.'