The conference was jointly organised by the Information Technology Department under the State Bank of Vietnam and the Information Security Authority under the Ministry of Information and Communications.
The experts noted that the Fourth Industrial Revolution was taking place in many countries, bringing opportunities to effect far-reaching changes. This also applies to the banking system in terms of their asset size, capital and network, they said.
In May this year, the Prime Minister issued Decision No 632/QD-TTg, under which the network information security of 11 key areas, including banking, would be prioritised.
Nguyen Huy Dung, deputy director of the Information Security Authority, said that even though banking was a pioneering sector to invest in information safety, the loss of money still occurred because users themselves did not have enough knowledge and financial organisations did not instruct them properly on avoiding risks.
“Therefore, the Ministry of Information and Communications is completing a legal framework on information system security and will announce this in the coming month,” he said.
Nguyen Quang Hung, deputy director of the Information Technology Department under the State Bank of Vietnam, said many banks in Vietnam adhered to global information security standards like ISO 27001 and NIST 800-53.
In addition, to ensure information security, the SBV Governor issued a directive on enhancing security in electronic and card payments early this year, and recently, a decision on security solutions regarding online and bank card payments.
Speaking on information security in the Vietnamese banking system, Thanut Pimhataivoot, an expert from NTT Data Thailand, said that the Vietnamese banking sector had developed security systems in accordance with international practices, but there were some organisations that had not fully abided by regulations, resulting in security incidents.
Ha The Phuong, deputy general director of CMC InfoSec spoke of disadvantages regarding information security at Vietnamese banks.
Some projects investing in security focused on buying equipment, but without a corresponding long-term strategy on human resources and training, he said. In many cases, employees in information and technology management lacked necessary security qualifications, he added.
The expert from CMC InfoSec also mentioned advanced persistent threats (APT) facing the banking information system.
In the context of the increasingly complicated information security situation, banks, payment portal providers and financial institutions need to be more aware of the problems, and develop measures in collaboration with security companies to counter threats and network attacks, experts said at the conference.
VNS