Data encryption attacks against Vietnamese businesses are becoming more complex and unpredictable. Since the end of March 2024, a series of ransomware attacks against Vietnamese businesses and organizations have caused great damage, leading to confusion and anxiety for millions of Vietnamese users.
In that context, the issue that many organizations and businesses in Vietnam are concerned about is how much investment should be made in information systems? Another question that is also raised is how much investment is needed to defend against data encryption attacks?
Sharing at the Seminar on Preventing Ransomware Attacks organized by the IT Journalists Club on the afternoon of April 5, Mr. Vu Ngoc Son, Technical Director of National Cyber Security Technology Joint Stock Company (NCS) - Head of Technology Research Department of National Cyber Security Association said that people imagine that investing in cyber security is expensive, but it is not like that.
According to the world's general formula, investment in cyber security usually accounts for about 10% of investment costs for information systems. This is not a large number.
“ The ideal investment level for cybersecurity is currently 10%, and 20% is good, however, in Vietnam this has not been achieved, currently it is only below 5% ,” said Mr. Vu Ngoc Son.
On the national bidding portal, the total investment for network security monitoring services is 56 billion VND. Another bid for firewall equipment is 50 billion VND. A firewall project but the cost is equal to the total cost of network security monitoring projects of all agencies and organizations bidding on the national public service portal. According to expert Vu Ngoc Son, this shows a large difference in investment in information security systems.
In addition, Mr. Son also said that what needs to be done is to invest properly, not how much money to invest. Vietnamese agencies and organizations often invest 80% of their costs in prevention, however, they only spend 15% of their capital on monitoring and 5% on response. The new thinking now is to invest equally in prevention, monitoring and response, in a three-legged stool style.
According to Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber Security Center (Department A05, Ministry of Public Security), Gartner's report shows that information security costs often account for about 10-15% of the IT investment budget and have now increased.
The Ministry of Information and Communications has issued relatively specific guidance on this issue, with information security assurance depending on the level. In particular, backup (data backup) is one of the criteria. However, Lieutenant Colonel Le Xuan Thuy said that organizations and businesses cannot rely on backup systems to survive, especially in the case of an escalating attack, which takes time to recover.
Sharing about this issue, Mr. Nguyen Van Cuong - Deputy General Director of CMC Cyber Security said that investing in information security systems needs to be based on the scale of the business and the importance of the data they are deploying.
For small and medium-sized enterprises, with data that is not too important, the monitoring system for these units is quite simple. Small and medium-sized enterprises only need to use cloud services of network security monitoring enterprises at very low cost.
However, experts also say that investing in information security systems does not mean that there will be no attacks. Monitoring systems only help detect but cannot prevent incidents, which depends on the cybersecurity solutions that organizations and businesses have invested in.
One thing to keep in mind is the behavior of the managing unit. The awareness of the leader is very important because he is the one who signs the contract and decides to invest. Without full awareness, the investment can easily be misdirected, spending money but the system still has loopholes. Moreover, if the managing unit receives a warning from the monitoring unit but does not follow it, the system can still be attacked.
Source
Comment (0)