System response and recovery after cyber attack disaster

Ensure system security against complex attacks

The workshop was sponsored by the Department of Information Security - Ministry of Information and Communications), Department of Cyber ​​Security and High-tech Crime Prevention - Ministry of Public Security (A05), Vietnam Information Security Association (VNISA), National Cyber ​​Security Association (NCA) and Vietnam Software and Information Technology Services Association (VINASA).

In his opening speech, Mr. Nguyen Xuan Hoang, Chairman of CYSEEX Alliance, Vice Chairman of the Board of Directors of MISA Joint Stock Company emphasized: “Preparing to respond to and recover from cyber security incidents is an essential factor to ensure system safety and stability against complex attacks. The CYSEEX 2024 conference provides practical knowledge to help minimize damage and enhance system resilience for the business community."

Mr. Nguyen Xuan Hoang said that in 2025, the CYSEEX Alliance will focus on preventing online fraud to protect information security and maintain a stable digital business environment.

The series of exercises in the form of live-fire drills under the auspices of the Information Security Department has actively contributed to promptly detecting security vulnerabilities in information systems and helping to improve the information security incident response capacity of members of the Alliance.

The Department of Information Security assessed this as a typical model, an extension of the National Coordination Agency and the National Cyber ​​Security Response Network, in the direction of State management agencies and enterprises working together. This shows that enterprises, especially digital technology enterprises, have gained awareness from the highest level leaders to the team responsible for ensuring information security about the role and importance of information security, closely linking information security work with the development of the organization.

Mr. Tran Quang Hung, Acting Director of the Department of Information Security, spoke.

Mr. Tran Quang Hung, Acting Director of the Department of Information Security - Ministry of Information and Communications and Mr. Trieu Manh Tung, Deputy Director of the Department of Cyber ​​Security and High-Tech Crime Prevention - Ministry of Public Security shared: "Determined to accompany the CYSEEX Alliance to improve the security system, maximally protecting the interests of end users in the digital age".

According to the report of Mr. Nguyen Quang Hoang, Head of the CYSEEX Exercise Organizing Committee and Director of MISA Information Security, in 2024, the CYSEEX Alliance conducted a cybersecurity exercise on 18 systems, discovering 497 vulnerabilities, including 93 serious vulnerabilities.

The anti-phishing campaign for more than 14,000 employees contributed to a 40% reduction in dangerous vulnerabilities, improving response capacity and security awareness in member organizations.

Mr. Quang Hoang also shared his experience in strengthening network defense, emphasizing the role of the SecDevOps model in minimizing vulnerabilities, raising security awareness and effectively implementing phishing campaigns.

Looking ahead to 2025, CYSEEX will expand its membership, conduct monthly combat drills, and promote the deployment of Threat Hunting techniques to enhance the security capabilities of Alliance members.

Also at the workshop, Mr. Le Cong Phu, Deputy Director of VNCERT, emphasized the importance of Threat Hunting in detecting potential security threats. This is a proactive method of searching for malicious signs without relying on prior warnings, overcoming the limitations of traditional defense technology. Threat Hunting helps reduce the time that threats can exist in the system, while improving the ability to respond quickly to increasingly complex cyber attacks.

Practical experience in rescuing and restoring systems after being attacked

Sharing his experience in responding to and recovering systems after being attacked, Mr. Nguyen Cong Cuong, Director of the SOC Center, Viettel Cyber ​​Security Company, clearly stated the methods of groups such as APT41 and Lazarus from exploiting vulnerabilities to deploying ransomware. The report also pointed out common security weaknesses and proposed solutions for continuous monitoring, periodic assessment and incident response planning to improve the "health" of the system.

Dell representative, Mr. Pham Tien Dung, Director of Strategic Customer Business, Dell Technologies introduced Power Protect with Zero Trust platform, helping businesses protect and recover data against ransomware threats. The solution uses physical separation, security keys and intelligent AI, ensuring data integrity and rapid recovery in multi-cloud environments, enhancing security and business continuity.

At the workshop, Mr. Nguyen Thanh Dat, SONIC Production Director, gave comments on defense and system recovery strategies for businesses against ransomware threats. The content included common attack methods such as phishing emails, account theft, and security solutions such as Zero Trust, network segmentation, employee awareness raising, and 3-2-1 data backup to ensure quick recovery.

Mr. Pham Thai Son, Production Director of Vietsunshine, also shared about the solution to protect business data with Pure Storage, which helps increase resilience against cyber attacks. SafeMode Snapshot technology allows for secure backup, early detection of abnormalities and quick recovery, helping to ensure data integrity and minimize losses in the event of a security incident.

Mr. Hoang Hieu, Head of AWS Vietnam Solutions, shared how AWS protects and recovers data from ransomware through system updates, permission management, network segmentation, and secure backups with AWS Backup and AWS DRS, helping to restore quickly, ensuring safety and continuity for businesses.

Closing the workshop, the representative of the CYSEEX Alliance said that with the 2025 strategy, the CYSEEX Alliance affirms its strong commitment to protecting cyberspace from increasingly complex fraud threats.

By focusing on anti-phishing, the Alliance not only aims to reduce the risk of data theft and financial losses, but also helps maintain the stability and trust of the digital business environment. This will be a solid foundation for individuals and businesses to confidently develop in a safer digital environment.

CYSEEX Information Security Alliance (abbreviation of Cyber ​​Security Exercise) is an alliance initiated by MISA with Sapo, Viettel Solutions, Bao Viet, Mobifone, Bravo with the purpose of: Sharing knowledge and experience to help improve capacity in preventing and responding to information security incidents in cyberspace.

The CYSEEX Annual Conference, held annually from 2022, is an opportunity to share knowledge and experience, helping members improve their capacity to prevent and respond to cybersecurity incidents.