From the cyber attack on VNDirect, businesses need to "protect investors"

Cyber ​​attacks are not recent, but the VNDirect incident has really received attention due to its large impact on the market and the large number of stock investors affected.

This is the comment of Mr. Ngo Tuan Anh, Vice President of Vietnam Information Security Association, emphasized at the seminar on Information Security in the securities sector organized by Investor Magazine on the morning of April 9.

Recently, there have been a series of ransomware attacks targeting businesses and organizations in Vietnam. According to Mr. Ngo Tuan Anh, this is one of the dangerous threats in the field of cyber security when hacker groups will attack and encrypt data, then blackmail, asking the attacked subjects to transfer money to receive the key to unlock the encrypted data. "Ransomware attacks are a global risk, not just in Vietnam" - Mr. Ngo Tuan Anh stated.

The risks and damages are obvious, however, Mr. Tuan Anh believes that businesses are not paying much attention to network security and safety, and have not invested properly in this work. Meanwhile, the risk of cyber attacks does not exclude any business and no information technology system can completely protect against cyber attacks.

Mr. Le Cong Phu, Deputy Director of the Vietnam Cyber ​​Emergency Response Center (Vncert) - Ministry of Information and Communications , from the reality of the VNDirect case, businesses are quite confused by the cyber attack incident.

According to Mr. Phu, most securities companies in particular and enterprises in general have not complied with information on network information security by level. Decree 85/2016 promulgating regulations on ensuring information security by level identifies information systems that need to approve records by level, corresponding to each level, the governing body needs to have protection solutions for each level. However, compliance of enterprises is an issue that needs to be improved and overcome in the coming time to enhance the safety of information technology systems.

Mr. Phu also said that the Department of Information Security (Ministry of Information and Communications) has requested securities companies to report to the department before April 15 regarding the implementation of information security assurance by level and information security assurance according to the 4-layer model.

At the seminar, Mr. Le Hoang Giang, an officer of Department 4, Department of Cyber ​​Security and High-Tech Crime Prevention ( Ministry of Public Security ) said that after the incident at VNDirect, the Department of Cyber ​​Security and High-Tech Crime Prevention (Ministry of Public Security) immediately worked with VNDirect and the State Securities Commission (SSC) to investigate the issue.

Besides clarifying the hackers' methods of attacking the system, the police are also concerned about the impact of the cyber attack on the stock market in general and on stock investors using the VNDirect system in particular, when the system is suspended.

According to Mr. Le Hoang Giang, investors are the ones directly affected when the system is temporarily suspended due to data encryption attacks. "After this incident, I hope that securities companies will raise awareness of information system security, so that the stock market is healthy and investors' interests are protected," Mr. Giang emphasized.

Also related to the securities sector, Lieutenant Colonel Nguyen Anh Tuan, Deputy Director of the National Population Data Center under the Department of Administrative Management of Social Order, Ministry of Public Security (C06) said that in the process of implementing Project 06, C06 coordinated with ministries and branches, including the State Securities Commission. "Recently, the coordination was to help the State Securities Commission apply equipment and citizen data solutions to promote operational management, not security and confidentiality" - Lieutenant Colonel Nguyen Anh Tuan said.

According to Mr. Tuan, the accurate verification of citizen information will contribute to more effective management in securities transactions. Thanks to that, violations of the law will be detected early, the risk of fraud, money laundering, market manipulation will be reduced, and overall transparency in the securities market will be enhanced.