From the cyber attack on VNDirect, businesses need to "protect investors"

Cyber ​​attacks are not recent, but the VNDirect incident has really received attention due to its large impact on the market and the large number of stock investors affected.

This is the opinion of Mr. Ngo Tuan Anh, Vice President of Vietnam Information Security Association, emphasized at the seminar on Information Security in the securities sector organized by Investor Magazine on the morning of April 9.

Recently, there have been a series of ransomware attacks targeting businesses and organizations in Vietnam. According to Mr. Ngo Tuan Anh, this is one of the dangerous threats in the field of cyber security when hacker groups will attack and encrypt data, then blackmail, asking the attacked subjects to transfer money to receive the key to unlock the encrypted data. "Ransomware attacks are a global risk, not just in Vietnam" - Mr. Ngo Tuan Anh clearly stated.

The risks and damages are obvious, however, Mr. Tuan Anh believes that businesses are not paying much attention to network security and safety, and have not invested properly in this work. Meanwhile, the risk of cyber attacks does not exclude any business and no information technology system can completely protect against cyber attacks.

Mr. Le Cong Phu, Deputy Director of the Vietnam Cyber ​​Emergency Response Center (Vncert) - Ministry of Information and Communications, from the reality of the VNDirect case, businesses are quite confused by the cyber attack incident.

According to Mr. Phu, most securities companies in particular and enterprises in general have not complied with information on network information security at all levels. Decree 85/2016 promulgating regulations on ensuring information security at all levels identifies information systems that need to approve records at all levels, and for each level, the governing body needs to have protection solutions at all levels. However, the compliance of enterprises is an issue that needs to be improved and overcome in the coming time to enhance the safety of information technology systems.

Mr. Phu also said that the Department of Information Security (Ministry of Information and Communications) has requested securities companies to report to the department before April 15 regarding the implementation of information security assurance by level and information security assurance according to the 4-layer model.

At the seminar, Mr. Le Hoang Giang, an officer of Department 4, Department of Cyber ​​Security and High-Tech Crime Prevention (Ministry of Public Security) said that after the incident at VNDirect, the Department of Cyber ​​Security and High-Tech Crime Prevention (Ministry of Public Security) immediately worked with VNDirect and the State Securities Commission (SSC) to investigate the issue.

In addition to clarifying the hackers' methods of attacking the system, the police are also concerned about how the cyber attack affects the stock market in general and stock investors using the VNDirect system in particular, when the system is suspended.

According to Mr. Le Hoang Giang, investors are the ones directly affected when the system is temporarily suspended due to data encryption attacks. "After this incident, I hope that securities companies will raise awareness of information system security, so that the stock market is healthy and investors' interests are protected," Mr. Giang emphasized.

Also related to the securities sector, Lieutenant Colonel Nguyen Anh Tuan, Deputy Director of the National Population Data Center under the Department of Administrative Management of Social Order, Ministry of Public Security (C06) said that in the process of implementing Project 06, C06 coordinated with ministries and branches, including the State Securities Commission. "Recently, the coordination was so that the State Securities Commission could apply equipment solutions and citizen data, to promote operational management, not security and confidentiality" - Lieutenant Colonel Nguyen Anh Tuan said.

According to Mr. Tuan, by verifying accurate citizen information, it will contribute to more effective management in securities transactions. Thanks to that, violations of the law will be detected early, minimizing the risk of fraud, money laundering, market manipulation, and generally increasing transparency in the securities market.