return icon Vietnamnet.vn

Expert shows different outlook on security flaw patching

VietNamNet Bridge - Domestic organizations, stage agencies and businesses remain passive in handling  security vulnerabilities, which brings high risks to networks, especially servers.
VietNamNet Bridge - Domestic organizations, stage agencies and businesses remain passive in handling  security vulnerabilities, which brings high risks to networks, especially servers.

{keywords}

According to Ngo Viet Khoi, an information security expert, former director of Trend Micro Vietnam, 74 percent of cyberattacks succeed right on the first day the flaw becomes known, while it takes 30-45 days on average to release a genuine patch. The interval when systems are most vulnerable is called ‘zero day’.

In general, the process of patch testing, result approval, data backup and installation may last several months or quarters. Meanwhile, the patch update process depends on procedures and policies set up by organizations, and on the systems’ scale. It also depends on the organizations’ stagnation and bureaucracy.

Domestic organizations, stage agencies and businesses remain passive in handling  security vulnerabilities, which brings high risks to networks, especially servers.
The habit of using cracked, unlicensed software and old applications (programmed to run on the operating systems which no longer receive support from the issuers such as Windows XP, Window 7 and Windows Server 2013) also increases the risk of security flaws unable to be patched.

In other cases, the organizations’ policy to not budget for expenses on software and hardware upgrades caused flaws to exist through fiscal years.

Experts have repeatedly warned about the advanced persistent threats (APT), targeting predetermined subjects such as state agencies, enterprises and military, energy and astronaut institutions to steal data. 

The tardiness in vulnerability patching will give golden chances to hackers to implement their plans. 

Also according to Khoi, the information technology activities carried out by government agencies and businesses heavily depend on server or datacenter systems. Patching vulnerabilities on applications and operating systems is specific work, unwanted by administrators.

In many cases, security vulnerabilities are exploited before software providers discover the vulnerabilities. With scanning tools, hackers can quickly find the holes to exploit before official patches are released.

Meanwhile, many Vietnamese agencies and businesses don’t have necessary awareness of information security. They only are equipped with security solutions for one time and invest in updated patches to save money. 

Many agencies don’t handle vulnerabilities even when they are warned about them.

Khoi commented that the ‘patching when and where there is flaw’ puts enterprises and organizations in the ‘passive voice’ in protecting information security. 

He advised information security officers to proactively approach new vulnerability patching method instead of waiting for patches from service providers.

One of the solutions Khoi suggested is the virtual patching, the quick development and implementation of a security policy to prevent an exploitation caused by a newly discovered vulnerability.

With the solution, the zero-day interval would be shortened to several hours or several days. It is advisable in case the official patch has not come or will not come.


Buu Dien


MORE NEWS

VIETNAM NEWS HEADLINES FEBRUARY 1/2023

Party chief’s book on corruption fight to make debut

Google Doodle honours first female Vietnamese newspaper editor Suong Nguyet Anh

The world’s most popular search engine Google has paid tribute to Suong Nguyet Anh, the first female editor of the nation’s first women’s newspaper by posting a drawing of her on its homepage on February 1.

Banh Cuon among world top 10 dishes visitors should try in 2023

Australian travel magazine Traveller has listed Banh Cuon, Vietnamese steamed rice rolls, among the top 10 best meals from around the world that visitors should try in 2023.

Party chief directs key tasks for new year

Party Secretary Nguyen Phu Trong on Tuesday chaired a meeting of the Secretariat of the Communist Party of Vietnam (CPV) Central Committee, mapping out key tasks for the new year.

VIETNAM BUSINESS NEWS FEBRUARY 1/2023

Domestic market to drive tourism recovery in 2023: insider

Some big companies made profits in 2022, but others incurred losses

While Duc Giang Chemicals and Binh Son Refining and Petrochemical have reported big profits for Q4 and the year 2022, Vietnam Airlines and leading steel manufacturer Hoa Phat saw big losses for the year.

Vietnamese couple help German bicyclist in distress

Trung and Nhung, a Vietnamese couple, on the way to travel across Vietnam on Tet holiday, saw a foreigner who was facing troubles because of strong winds in Ninh Thuan.

Vietnam develops green agriculture to increase exports to EU

Vietnam is paying attention to mobilising resources to invest in developing green agriculture with an aim to raising the market share of its agricultural exports to the European Union.

Vietnamese team comes first at Southeast Asian Fencing Championship

Vietnam secured the first position at the 2023 Southeast Asian Fencing Championship which has taken place recently in Malaysia.

2023 - Time for Edtech to thrive in Vietnam

Experts are positive about the development of Vietnam’s education technology (Edtech) market in 2023 if local Edtech companies can overcome post-pandemic challenges.

UK imports from Vietnam in 2022 put at over US$6 billion

United Kingdom (UK) imports from Vietnam amounted to US$6.06 billion last year, rising by 5.2% over 2021, according to the General Department of Vietnam Customs.

Five more registration officials in Hanoi prosecuted for soliciting bribes

Police of Hanoi’s Thuong Tin District has started legal proceedings against five officials at 2915D Registration Centre for taking bribes.

Thai Thi Lien, Vietnam's matriarch pianist and pedagogue, passes away

Thai Thi Lien, one of the founders of Vietnam's National Academy of Music, passed away on Tuesday peacefully at her home at the age of 106, her son Tran Thanh Binh said.

VN striker Tien Linh vies for Asia’s Best Footballer Award 2022

Vietnamese striker Nguyen Tien Linh has been listed among the 25 nominees for the Best Footballer in Asia 2022 award organized by Titan Sports of China.

Visa policy change needed to further attract foreign visitors: tourism authority

A key for Vietnam to attract more foreign tourists at this time is to change its visa policy, said Chris Farewell, a member of the Tourism Advisory Board (TAB).
back_to_top