The digital transformation process is a breakthrough opportunity for businesses. Along with this process, they face many risks of intrusion and data theft. To adapt to the risks in a constantly changing society, businesses need to ensure network security, contributing to ensuring sustainability against developed platforms.

Thousands of security vulnerabilities discovered

At the workshop "Response and recovery of the system after the disaster" held on November 13 by the CYSEEX Information Security Alliance, Mr. Tran Quang Hung - Deputy Director of the Department of Information Security ( Ministry of Information and Communications ) assessed, " In recent years, the exercise has shifted from passive to real-life exercise. Through the exercise, many vulnerabilities have been discovered, contributing to early warning and early detection for the system to become more and more secure.

In the coming time, the drills will focus on response capabilities and flexible recovery capabilities. From 2024 onwards, there will no longer be system tests, but will focus on training staff, which is a key factor in ensuring information security. There will be more in-depth and more realistic tests.

The representative of the Department of Information Security also gave statistics that in 2023, more than 100 drills were organized, with the participation of many ministries, branches and businesses. Up to 1,200 vulnerabilities at high and severe levels were detected (548 severe vulnerabilities, 366 high-level vulnerabilities). In case these 1,200 vulnerabilities were detected by hackers first, the risk of data loss and system destruction would be very large.

Preparing to respond to and recover from cyber security incidents is essential to ensuring the safety and stability of information systems against increasingly sophisticated and dangerous attacks.

A series of recent ransomware attacks have targeted individuals and businesses in Vietnam. Statistics show that in 2023, more than 745,000 devices were infected with malware, resulting in losses of $716 million.

In particular, ransomware-as-a-service (RaaS) is a type of malware that provides malware as a service with rapidly increasing profit sharing, becoming a serious threat causing great damage to businesses and the community...

Mr. Nguyen Xuan Hoang, Chairman of CYSEEX Alliance, Vice Chairman of the Board of Directors of MISA Joint Stock Company, said that with the motto "the best defense is to proactively attack", in 2024, the alliance successfully organized 9 drills, on 18 important information systems of alliance members.

In the past two years, we have witnessed a series of cyber attacks, especially ransomware attacks. These attacks not only affect information security but also disrupt business operations, causing great damage to the finances, reputation, and prestige of businesses.

"In the face of these dangers, being prepared and improving the ability to respond to and restore the system after a disaster is an urgent task," Mr. Hoang shared.

Every business is a target

Mr. Nguyen Cong Cuong - Director of SOC Center - Viettel Cyber ​​Security Company pointed out that many small businesses are still very self-conscious when they think they will not be the target of hacker groups.

"Many businesses think that if they are not in the economic sector or are not large-scale, hackers will not pay attention to them. However, any industry or company of any size will eventually become a target of attack.

"Attacking groups that have not invested enough will target small businesses to attack and infiltrate more easily, while large attacking groups with high operating costs will often choose large companies to attack, in order to get more money from businesses," Mr. Nguyen Cong Cuong shared.

According to statistics, on average, it takes up to 275 days for attackers to penetrate a system before they are detected. However, this is only an average number. Some systems take up to several years to be detected.

In fact, large companies around the world have had security vulnerabilities and have been hacked. That shows that there is a need to pay attention to managing vulnerabilities and security vulnerabilities.

Mr. Cuong also pointed out 5 common vulnerabilities of many popular businesses such as not performing security vulnerability checks for self-developed or outsourced applications and software; Using third-party operating systems and applications but not regularly updating patches.

High privileged accounts are assigned too many unnecessary rights or the employee has left the company but the account is not revoked; Setting up a server system on the same network, it is easy to access the servers together and finally, the case of many systems conducting online data backup, so when attacked, this data will be immediately encrypted.

At the workshop, Mr. Le Cong Phu, Deputy Director of VNCERT shared that security technologies have many limitations, because attack techniques and activities change very quickly and are difficult to detect due to encryption.

The first thing when the subjects attack the system is to turn off the warning system from the monitoring devices, so we need to proactively handle the incident before it happens, to avoid the attack becoming a disaster, especially in units with large system platforms.

Controlling the entire information system of intruders takes a lot of time, even weeks or years. The process of "hunting" for threats increases identification and reduces the time attackers "reside" in the system.

Mr. Phu also emphasized the importance of Threat Hunting in detecting potential security threats.

This is a proactive method of searching for malicious signs without relying on prior warnings, overcoming the limitations of traditional defense technologies.

Threat Hunting reduces the amount of time a threat can persist in a system, while improving the ability to respond quickly to increasingly complex cyber attacks.