
Banking & Finance

Plugging the gaps

Released at: 09:34, 25/07/2014

Investment in information security systems by local organisations and companies requires greater attention, and awareness among Vietnamese users about information security needs to improve.

by Do Huong, Hoang Thu

    Dangerous counterfeit software and applications that place viruses into mobile phones will continue to be a major threat for years to come as malware attacks on Vietnamese users occur with increasing frequency. Viruses are being implanted by counterfeit versions of popular apps like Instagram, Angry Birds and anti-virus software, and browsers like Firefox and Google Chrome. With a low level of awareness among users regarding information security protection, connecting smartphones and computers is no longer safe as the risk of a virus moving between devices is high, according to local security solutions provider Bkav.

    Mobile e-banking services provided by both local and foreign banks have become hugely popular in Vietnam and provide a great deal of convenience to customers, but come with information security threats and potential financial losses for banks and customers. The more advanced the technologies banks have introduced into their operating systems, the more hackers consider attacking them a challenge. According to the Internet Security Threat Report 2014 (ISTR19) released by the Symantec Corporation, banking and finance, trade, industry and manufacturing are the most vulnerable sectors in Vietnam. Vietnam now ranks 12th on the list of countries facing the most cyber attacks. “Vietnam has jumped nine points compared to 2012 as the rapidly increasing number of internet subscribers and users who lack good cyber security skills lead to cyber systems being hacked,” said Mr Raymond Goh, Director for Systems Engineering, Asia South Region, at Symantec.

    The Information Security Index prepared by the Vietnam Information Security Association (VNISA) and the Vietnam Computer Emergency Response Team (VNCERT) under the Ministry of Information and Communications in 2013 found results similar to the Symantec report. Last year saw Vietnam face a high risk of information security attacks with the goal of stealing information from organisations and companies, including transaction providers. The core of the problem is loopholes in websites’ systems, with many enterprises fixing their systems after being subject to a spyware attack. “But most enterprises aren’t even aware they’ve been attacked and had important information stolen, and hackers just watch and wait until it’s the right time to attack,” said Mr Nguyen Minh Duc, Security Manager at the FPT Corporation’s Information and Technology Department.

    Two major types of cyber attacks face enterprises and organisations in Vietnam: distributed denial of service (DDoS) and theft of sensitive or secret information of individuals and businesses. Many enterprises were the victims of DDoS attacks in 2011 and 2012. Hackers’ favourite method is to forge an email from a person in the targeted company and send files as attachments. Recipients unwittingly open these files, allowing malicious code to exploit holes in the Windows operating system to install spyware onto users’ computers. Hackers are then able to collect information and conduct destructive activities, like intervening in transactions with banking and finance institutions or e-commerce providers.

    According to Dr Nguyen Chi Thanh, Director of the Institute of Information Security Technology under VNISA, hackers target victims primarily for financial reasons, and instances of leaders such as CEOs being hacked to collect secret company information are increasing. “IT and security staff at major companies have also been victims,” said Mr Duc from FPT. ICT enterprises like FPT are also primary targets of hackers, as well as financial and banking institutions. Aware of the need to invest in information security, FPT has built a comprehensive system covering servers, network infrastructure, equipment, security software, and security policies. “Most ente