The above comment was shared by Mr. Nguyen Gia Duc, Country Director of Fortinet Vietnam, with a VietNamNet reporter on the sidelines of the annual security event Fortinet Accelerate Vietnam 2024, held in Hanoi recently.
To prove his point, Mr. Nguyen Gia Duc said that the FortiGuard Labs research team sought to determine how long it takes for a security vulnerability to move from initial release to exploitation, whether vulnerabilities with high Exploit Prediction Scoring System (EPSS) scores are exploited more quickly, and whether the average time to exploitation can be predicted using data from the EPSS system.
Based on this analysis, Fortinet experts pointed out that in the second half of last year, hackers exploited newly disclosed vulnerabilities 43% faster than in the first half of 2023. This shows the importance of vendors committing to finding vulnerabilities through their own internal teams and developing patches before exploitation can occur, minimizing the cases of being hit by zero-day security vulnerabilities.
“It also highlights the need for vendors to be proactive and transparent in disclosing vulnerabilities to customer organizations and businesses to ensure they have the information they need to effectively protect their assets before cyber attackers can exploit the vulnerabilities,” Fortinet experts recommend.
For units using technology products and solutions, Mr. Nguyen Gia Duc said that they need to regularly review and evaluate the information security of systems under their management, especially paying attention to timely updating patches for vulnerabilities released by the supplier.
According to experts, exploiting security vulnerabilities, especially high-impact and serious ones in popular technology solutions, as a 'springboard' to penetrate a system and thereby take control and steal information from the organization is one of the prominent cyber attack trends of recent years. In reality, however, many units are still not interested in reviewing and patching the vulnerabilities and weaknesses they have been warned about.
In Vietnam, as a State management agency in the field of network information security, the Department of Information Security (Ministry of Information and Communications) regularly reviews, evaluates, and detects security vulnerabilities in information systems of agencies, organizations, and enterprises; warns and requests units to patch errors and ensure information security for the system in accordance with legal regulations.
Speaking at the plenary session of the Vietnam Cyber Security Summit 2024 themed 'Security in the era of artificial intelligence explosion', held at the end of May in Hanoi, a representative of the Ministry of Information and Communications requested agencies, organizations and businesses to focus on implementing 6 groups of solutions, including periodically hunting for threats to promptly detect signs of system intrusion.
For systems in which serious security vulnerabilities have been detected, units need to conduct threat hunting immediately after fixing the vulnerability to determine the possibility of a previous intrusion. They should also check and update information security patches for important systems.
Domestic agencies, organizations and enterprises are also recommended to regularly and continuously use information security support platforms developed and provided by the Ministry of Information and Communications, including: National network information security incident handling coordination platform; Digital investigation support platform; Information security risk management, detection and early warning platform.
In newly shared information, the Department of Information Security said that the Technical Monitoring System of the National Cyber Security Monitoring Center - NCSC under the Department recorded that in May 2024, there were 89,351 weaknesses and information security vulnerabilities existing in servers, workstations, and information systems of State agencies and organizations.
Also in May 2024, NCSC's remote monitoring and scanning system detected more than 1,600 vulnerabilities on 5,000 systems that are publicly available on the Internet. In particular, the technical system of this unit recorded 12 newly announced vulnerabilities, with a high level of serious impact, which can be exploited by hackers to attack and exploit the systems of agencies and organizations, including: CVE-2024-4671
“These are vulnerabilities that exist in popular products of many agencies, organizations and businesses. It is recommended that units conduct comprehensive checks and system reviews to help determine whether their systems use products affected by vulnerabilities, and promptly take timely remedial measures to protect information security. At the same time, continuously update information on new vulnerabilities and cyber attack trends,” the expert from the Department of Information Security recommended.
Source: https://vietnamnet.vn/hacker-gia-tang-toc-do-tan-dung-cac-lo-hong-moi-de-tan-cong-mang-2291488.html