A workshop on IT and information security – CIO CSO Summit 2023 – was held in Hanoi some days ago to discuss information security investment orientation for the digital future. 

The event, co-organized by AIS, Viettel Cyber Security and IEC Group, aimed to support institutions and businesses to anticipate risks and become confident in the digital era.

Viettel Cyber Security CEO Nguyen Son Hai said many units and businesses don’t realize that they have been attacked.  

Along with digital transformation, organizations and businesses are facing risks of information insecurity. Viettel Threat Intelligence system reported that up to 12 million accounts in Vietnam have been hacked, while 48 million data records of individuals and institutions have been leaked and sold in cyberspace.

Regarding financial fraud, the technical system has found that 5,800 domain names have been used to create websites impersonating commercial banks, e-wallets, manufacturing enterprises and retail companies so as to swindle and appropriate users’ assets.

Meanwhile, ransomware is also an extremely high risk for organizations and businesses in recent years. Ransomware can create serious consequences, and paralyze all the operations of organizations. The amount of money cybercriminals extort from victims could be up to millions of dollars.

“The encrypted data of organizations published on the Internet have the capacity of 300 GB. But the real figure is much higher,” Hai said.

AIS’ Tran Dang Khoa also pointed out that the risk of information insecurity has always existed, and organizations and businesses need solutions to deal with the risks.

Khoa mentioned five criteria for cybersecurity solutions: 1/ legal 2/ effective 3/ proper, 4/ comprehensive and 5/ Make in Vietnam.

First of all, organizations and businesses must comply with the law. Ensuring cybersecurity is not only a must, but also their responsibility, especially for enterprises which provide online services to people.

If they don’t strictly observe regulations on ensuring cybersecurity, the organizations will be responsible before the law when incidents occur. Under the law, information security is a "mandatory" requirement.

However, experts point out that many organizations and businesses don’t know what they have to do to make their security systems effective.

In many cases, businesses spend big money to install very modern protection systems. However, their investments will be just a waste of resources if they cannot detect and prevent cyberattacks.

As resources are limited, ensuring both the efficiency of the systems and reasonable costs is a difficult task. However, cybersecurity firms can help settle the problem.

The top priority task for businesses and organizations is handling potential dangers, and the risks in information systems.

In many cases, businesses make heavy investments in cybersecurity systems and solutions amid new dangers, but they ‘forget’ to settle existing risks with updated systematic patches. It happens that systems are being hijacked but information system owners don’t know about the attacks, because attackers keep waiting for opportunities, or they silently steal information.

“Clear the risks you have been aware of, the dangers that are existing in your systems before thinking of making investment in the tools to protect you from new risks,” Khoa recommended.

He went on to say that deploying the solutions to ensure safety for information systems is not enough for businesses to protect themselves.

In fact, many information systems are hijacked not because of the direct cyberattacks, but because of mistakes by members of the system.

Within an organization, the individuals with bad technological skills could be a vulnerability for the whole system. By hacking the individuals, criminals can expand their attacks to other members and then hijack the whole systems.

“Providing knowledge and skills in cybersecurity to all the officers of businesses and organizations is a very important thing to protect information systems,” Khoa said.

He also advised businesses and organizations to prioritize to use Make in Vietnam products, solutions and services.

Vietnamese solution providers can best understand the specific problems of Vietnamese organizations, and therefore, can design solutions to address the problems.

Businesses should use Vietnamese solutions also because they can get timely support and assistance in solving problems from domestic service providers.

Trong Dat