Concluding the conference to deploy the task of developing the stock market in 2024 held at the end of February, the Prime Minister directed the State Securities Commission to preside over and coordinate with relevant agencies to urgently review the entire Thoroughly inspect and inspect the stock trading system and IT system, proactively develop risk control processes, measures to handle and respond to urgent situations, to prevent technical incidents from occurring. technology, ensuring security and safety of the financial system, and benefits for investors.
However, the Vietnamese stock market has just witnessed an information insecurity incident that experts consider to be serious, when the system of VNDIRECT Securities Company was discovered to have been attacked by a cyber attack since the morning of March 24. , making business operations of enterprises and transactions of many stock investors impossible.
After nearly 4 days of disruption to the entire system due to a cyber attack by a group of professional subjects, VNDIRECT Securities Joint Stock Company has just completed phase 1 of the 4-phase roadmap to gradually reopen systems and products. products and amenities. Currently, only the My Account account lookup system has been restored.
Since the VNDIRECT incident, as the State management agency for network information security, on March 27, the Information Security Department requested securities companies to strengthen the security of information systems. information within the scope of management of your business.
This agency stated that the occurrence of network information security incidents in some securities company systems recently has caused serious damage to securities businesses, while also leading to confusion and psychology. partly affecting users' confidence in the safety of stock exchanges in Vietnam in particular and the financial market in general.
To ensure the safety of information systems of securities companies, the Information Security Department recommends that these businesses, from now until April 15, focus on completing the review and inspection. , evaluate and ensure information security of information systems under management and immediately deploy measures to overcome risks, vulnerabilities, and weaknesses of the systems; Especially with customer account management systems, serving online stock transactions.
Securities companies need to review and organize to ensure the safety of information systems by level, especially the organization of statistics and classification of information systems under their management; Develop an implementation plan to complete regulations to ensure information system security by level.
The goal to be achieved is to ensure that 100% of operating information systems are approved for safety level no later than September; Fully implement the information security assurance plan according to the approved level proposal dossier no later than December.
Organize effective, substantive, regular and continuous implementation of information security work according to the 4-layer model, especially improving the capacity of the monitoring layer, professional protection and continuous maintenance , stable connection and information sharing with the National Cyberspace Safety Monitoring Center.
In parallel with developing an incident response plan for the information system under its management, securities companies also need to implement a plan to periodically back up important systems and data to promptly restore in case of failure. data encryption attack.
In addition, it is necessary to review and promote the implementation of activities to respond to cyber information security incidents in Vietnam; Periodically perform threat hunting to promptly detect signs of system compromise.
"With a system that has detected a serious security vulnerability, after fixing the vulnerability, the unit needs to immediately carry out threat hunting to determine the possibility of previous intrusion.", a representative of the Information Security Department noted.
Securities companies are also required to check and update information security patches for important systems according to warnings from the Information Security Department and related agencies and organizations. At the same time, periodically inspect, evaluate and review to promptly detect information security holes and existing weaknesses in the system.
