LG Uplus announced that it will invest 700 billion won over five years to strengthen information security. It also suggested forming a public-private cooperation information security council to address the social issue of fraud crimes.
Hong Kwan-hee, Chief Information Security Officer (CISO) of LG Uplus, said on the 29th at the company's headquarters in Yongsan, Seoul, "We will invest approximately 700 billion won in information security over the next five years," adding, "We plan to increase investments by more than 30% annually this year, following last year." The company invested 82.8 billion won in information security last year, indicating an intention to increase the annual average investment to 140 billion won.
LG Uplus introduced a 'security first' strategy that includes expanding investments and enhancing overall security capabilities. The company plans to strengthen three main capabilities—security governance, prevention, and response—centering on the newly established Security Center, which reports directly to the Chief Executive Officer (CEO), and aims to complete a zero-trust security system by 2027.
Zero trust is a security system that continuously verifies the identity of individuals accessing internal systems, minimizing damage even if a hacker breaches the system.
To prevent security breaches, LG Uplus has been conducting the longest black-box penetration testing in history from November last year until the first half of next year. This involves hiring external white-hat hacker groups to hack all of its services to uncover potential vulnerabilities, verifying security in real-life scenarios without sharing prior information.
As part of its security first strategy, LG Uplus also introduced a system to prevent damage from voice phishing and smishing crimes.
During the monitoring phase, threats of voice phishing and smishing are detected 24/7 through the customer damage prevention analysis system, which is an AI-based data integration and response system, along with measures such as blocking spam messages and malicious URLs.
According to the company, LG Uplus is the only domestic telecommunications company actively tracking malicious app servers operated by criminal organizations. Through tracking these servers, LG Uplus directly identifies customers who have accessed them.
LG Uplus directly blocks access to detected malicious app servers on its network and informs the police of the relevant information to protect more customers. In fact, about 23% of all voice phishing cases reported to the police in the second quarter were transmitted by LG Uplus after tracking the malicious app servers.
During the response phase to crimes, LG Uplus works in real-time to counter voice phishing and smishing attempts against its customers. The distribution of spam messages containing malicious URLs has increased the number of spam blocks by 1.4 times within five months, thanks to the advancement of an AI-based spam blocking system.
When criminal organizations attempt voice phishing over the phone, the AI call agent "Exio" detects it and warns the customer. The anti-deep voice feature can also distinguish machine-generated voices. Since its launch in November last year, Exio has detected an average of about 2,000 suspected voice phishing calls per month.
The 'emergency response' stage is a situation where the installation of a malicious app by the customer is confirmed and immediate action is required. Data related to malicious apps collected by the telecommunications company or provided by external agencies undergoes thorough analysis by related institutions, which leads to police deployment.
Even during the procedures, the victim may be exposed to crime. If LG Uplus confirms the customer's installation of a malicious app through its own analysis, such as tracking malicious app servers, it immediately sends a notification through KakaoTalk.
Customers who receive the notification can seek assistance from security consultants stationed at over 1,800 LG Uplus stores nationwide or from police officers at nearby police stations. The malicious app infection notifications have been sent to about 3,000 customers within four weeks since their implementation on June 30.
LG Uplus plans to establish a system that trains AI on the actual call patterns of criminal organizations to enable immediate protection for customers at high risk.
LG Uplus also proposed the formation of a public-private cooperation information security council to combat fraud crimes that have become a social issue. The company explained that it has built a field cooperation system with the Seoul Metropolitan Police Agency, going beyond simply providing information to the police, making it the first in the industry.
Hong noted, "LG Uplus has systematically elevated its security level according to plans, realizing the importance of security more rapidly than any other domestic corporation," adding, "We will continue to implement strategic investments for flawless security and strive to become a telecommunications company that provides security perceived by customers."