At noon on March 26, it was exactly 2 days since VNDIRECT's system was attacked by the network, disrupting transactions of this securities company and investors. In the incident report sent to the State Securities Commission, stock exchanges, and Vietnam Securities Depository and Clearing Corporation, VNDIRECT said that the company's technology team coordinated with IT and network security experts from FPT and Viettel to restore the system.

Both the Hanoi Stock Exchange – HNX and the Ho Chi Minh City Stock Exchange – HoSE have temporarily disconnected VNDIRECT’s trading connection to these two exchanges since March 25 until the problem is completely resolved.

W-notice-of-temporary-suspension-of-transaction-1-1.jpg
Both Hanoi and Ho Chi Minh City stock exchanges have temporarily disconnected VNDIRECT's trading connection to these exchanges since March 25. Photo: Van Anh

Although VNDIRECT claims that “All customer information and assets are guaranteed to be safe and unaffected”, many investors are still worried. Sharing with VietNamNet reporter, Ms. AMV (Hanoi), a small investor participating in transactions through the VNDIRECT system, said: “Not only am I afraid that my personal information, account and money in my trading account may be stolen by hackers, but for the past 2 days I have not had the opportunity to ‘make a profit, cut losses’ due to the interruption of trading activities. What I am also very concerned about is what compensation policy VNDIRECT will have for investors”.

Notably, right after the VNDIRECT system was hacked, leading to the temporary suspension of the unit's securities trading system, the State Securities Commission (Ministry of Finance) has just sent an urgent dispatch to securities companies and fund management companies to warn about the security of online securities trading systems.

Specifically, to ensure the safe, stable and smooth operation of the stock market, the State Securities Commission has required securities companies and fund management companies to ensure that their IT systems and backup databases operate safely and continuously in accordance with the provisions of the 2019 Securities Law.

Proactively review and immediately check security plans for the company's IT systems, especially the stock trading system and systems connected to the Internet to promptly fix security vulnerabilities (if any).

Securities and fund management businesses are also required to urgently review online trading processes, risk control, system and data backup, and IT system operation management. At the same time, develop measures to respond to and overcome potential security risks.

In case of detecting signs of security insecurity, companies must be proactive, focus resources to handle, overcome and promptly report to the State Securities Commission, stock exchanges, Vietnam Securities Depository and Clearing Corporation and competent authorities for coordination and direction.

W-su-co-tan-cong-mang-vndirect-1-2-1.jpg
Information security experts advise investors to change their trading account passwords immediately after the VNDIRECT system is back in operation. Illustration: Pham Hai

Speaking with VietNamNet , giving advice to investors and businesses from the perspective of a long-time employee working in the field of information security and network security, an expert suggested: Investors participating in transactions through VNDIRECT's system should change their trading account passwords as soon as the securities company's system is back in operation.

"Businesses and organizations need to review their systems, deploy enhanced technical solutions, especially prepare scenarios in case of attacks, fully back up data, ensure storage in 2 places, independent of geographical location," information security experts recommend.

Information security experts also said that the VNDIRECT system attack is a warning for all securities companies as well as financial institutions to proactively review their network security systems. Securities companies are also one of the organizations that invest heavily in IT systems, including network security.

However, it is clear that these businesses still need to have a more innovative approach, instead of just focusing on technology investment. Specifically, it is probably time for securities companies to ensure network information security for the system according to the "4-layer" defense model guided by the Ministry of Information and Communications. Accordingly, an organization needs to have an on-site network security force, organize regular network information security assessments, hire professional network information security monitoring services and connect and share information with the national cyberspace monitoring center.

Transferring the case of VNDIRECT system being hacked to the police VNDIRECT Securities Joint Stock Company confirmed that the system was hacked and the problem has been fixed. According to VietNamNet's own source, this case has been transferred to the police for investigation and handling.