“We keep monitoring our information systems and we report to the boss that our company is still free from attacks. And that is why we are always asked by the boss why we need to make heavier investments in information security,” an entrepreneur said at a workshop about ransomware attacks against manufacturing enterprises held June 12.

Bui Trung Thanh from Viettel Cyber Security (VCS) said the number of cyberattacks has been increasing rapidly and becoming increasingly complex.

VCS’s Threat Intelligence system found that in the first quarter of 2024, the number of ransomware attacks increased by 70 percent over the same period last year. Many large manufacturing enterprises around the world have also become victims of ransomware attacks, incurring a loss of hundreds of million of dollars.

Thanh said anyone can become the victim of ransomware attacks, especially when this type of attack is RaaS (renin-angiotensin-aldosterone system).

The typical characteristic of this type of attack is that hackers install malware in enterprises’ information system for a long time, up to 200 days, to detect vulnerabilities and identify important data of the systems. Many enterprises can’t recognize the threats and take no action, therefore, they miss opportunities to prevent threats.

“They only realize the threat when data have been encrypted. But it is too late and the consequences they incur are far worse than the amount of money they should pay to ensure information security,” Thanh said.

He went on to say that in manufacturing sector, enterprises are the favorite prey of hackers because the enterprises are willing to pay to get data back.

In general, enterprises lack staff with high qualifications in cybersecurity to cope with complicated attacks. Risks also come from the IoT trend which creates more doors for hackers to penetrate into information systems. 

Many institutions are still using old IT systems, while smart production chains and supply chains are complicated with many third-party partners all over the world, which makes it more difficult to ensure information security. 

Bui Thi Hoa from Viettel Cyber Security Maturity Program (CSMP) said that in such conditions, manufacturing enterprises need to have a unit specializing in information security as a partner.

CSMP, created by Viettel’s staff based on their 10-year experience in the field, is a special program that provides a comprehensive protection service package to enterprises against cybersecurity threats, solves the problem of a shortage of workers, and helps optimize costs in long-term investment.

Van Anh