Toss’s program ran for just a few months in each of its first two years, but the company has kept it running continuously since late 2023. Hackers can report any vulnerabilities they discover in the app. These white hat hackers can be rewarded with up to 30 million won (more than half a billion dong) if they find serious bugs.
Toss is the only financial firm in Korea that runs a regular bug bounty program, which reflects the firm’s confidence in its security capabilities, according to Lee Jong Ho, a white hat hacker and head of Toss’s security department.
Lee told the Korea Herald that the bug bounty program can expose vulnerabilities in its security system that the company is otherwise unaware of. In addition, Toss is the only Korean company with a “red team” – a team of cybersecurity staff tasked with simulating attacks to test the effectiveness of security systems or strategies.
Toss’s red team consists of 10 white hat hackers in addition to Lee. They work with the “blue team” (the defense team) on a daily basis. “By removing biases, we uncover vulnerabilities that companies overlook and try to penetrate defenses, thus strengthening our resilience against real threats,” Lee explains.
Toss has enhanced its security measures by creating custom defense programs, such as Toss Guard and Phishing Zero, and integrating them internally. These measures not only ensure flexibility and scalability to accommodate the company's growth, but also promote a tight defense system tailored to Toss' unique environment, Lee emphasized.
However, committing to enhanced security is not a simple choice for companies due to the significant costs involved. According to a report by Viva Republica, the operator of Toss, of the total 83.9 billion won invested in information technology last year, 11.5 percent – or 9.6 billion won – was dedicated to security, one of the highest ratios recorded among Korean tech companies.
Lee said this commitment to improving security was the reason he chose to join Toss. After spending a decade at security solutions provider RaonSecure, Lee was sought after by many companies. He initially turned down Toss but was persuaded to change his mind by founder and CEO Lee Seung Gun.
Lee stresses that Toss’ defenses aren’t perfect. As technology advances, it’s ironically becoming easier for cybercriminals to infiltrate our daily lives, he notes. Generative AI technologies such as large language models and ChatGPT offer new attack vectors, lowering the barrier to entry for cybercriminals. There’s also ransomware that’s available as a monthly subscription service.
Noting that the market is growing rapidly, Lee said it is important for companies to develop their own security systems instead of relying on off-the-shelf solutions. At the same time, overall awareness needs to be raised to reduce the risk of cyber attacks. He suggested that cybersecurity should be included in compulsory education programs, just like fire safety in schools.
(According to Korea Herald)