System response and recovery after cyber attack disaster

Ensuring system security against sophisticated attacks.

The workshop was sponsored by the Information Security Department (Ministry of Information and Communications), the Cyber ​​Security and High-Tech Crime Prevention Department ( Ministry of Public Security ) (A05), the Vietnam Information Security Association (VNISA), the National Cyber ​​Security Association (NCA), and the Vietnam Software and Information Technology Services Association (VINASA).

In his opening remarks, Mr. Nguyen Xuan Hoang, Chairman of the CYSEEX Alliance and Vice Chairman of the Board of Directors of MISA Joint Stock Company, emphasized: “Preparing for and recovering from cybersecurity incidents is essential to ensuring system safety and stability against complex attacks. The CYSEEX 2024 conference provides practical knowledge to help minimize damage and enhance system resilience for the business community.”

Mr. Nguyen Xuan Hoang stated that in 2025, the CYSEEX Alliance will focus on combating online fraud to protect information security and maintain a stable digital business environment.

The series of exercises in the form of real-life exercises under the auspices of the Information Security Department has actively contributed to promptly detecting security vulnerabilities in information systems and helping to improve the information security incident response capacity of members in the Alliance.

The Cybersecurity Department considers this a typical model, an extension of the National Coordination Agency and the National Network for Cybersecurity Response, following the direction of cooperation between state management agencies and businesses. This shows that businesses, especially digital technology businesses, have gained awareness from the highest-level leadership to the team responsible for ensuring information security about the role and importance of information security, closely linking information security work with the development of the organization.

Mr. Tran Quang Hung, Acting Director of the Information Security Department, delivered a speech.

Mr. Tran Quang Hung, Acting Director of the Information Security Department - Ministry of Information and Communications, and Mr. Trieu Manh Tung, Deputy Director of the Cyber ​​Security and High-Tech Crime Prevention Department - Ministry of Public Security, shared: “We are determined to work together with the CYSEEX Alliance to enhance security systems and protect the rights of end users to the fullest extent in the digital age.”

According to a report by Mr. Nguyen Quang Hoang, Head of the CYSEEX Exercise Organizing Committee and Director of Information Security at MISA, in 2024, the CYSEEX Alliance conducted cybersecurity exercises on 18 systems, detecting 497 vulnerabilities, including 93 critical vulnerabilities.

The anti-phishing campaign for over 14,000 employees contributed to a 40% reduction in critical vulnerabilities, improved response capabilities, and enhanced security awareness within member organizations.

Mr. Quang Hoang also shared his experience in strengthening cybersecurity, emphasizing the role of the SecDevOps model in mitigating vulnerabilities, raising security awareness, and effectively deploying phishing campaigns.

Looking forward to 2025, CYSEEX will expand its membership, conduct monthly combat exercises, and promote the deployment of Threat Hunting techniques to enhance the security capabilities of Alliance members.

Also at the seminar, Mr. Le Cong Phu, Deputy Director of VNCERT, emphasized the importance of Threat Hunting in detecting potential security threats. This is a proactive method of searching for malicious activity without relying on prior warnings, overcoming the limitations of traditional defense technologies. Threat Hunting helps reduce the time that threats can remain in the system, while improving the ability to respond quickly to increasingly sophisticated cyberattacks.

Practical experience in responding to and restoring systems after an attack.

Sharing his practical experience in responding to and recovering systems after attacks, Mr. Nguyen Cong Cuong, Director of the SOC Center at Viettel Cyber ​​Security Company, clearly outlined the methods used by groups like APT41 and Lazarus, from exploiting vulnerabilities to deploying ransomware. The report also highlighted common security weaknesses and proposed solutions for continuous monitoring, periodic assessments, and incident response planning to enhance system "health."

Representing Dell, Mr. Pham Tien Dung, Director of Strategic Customer Business at Dell Technologies, introduced Power Protect with its Zero Trust platform, which helps businesses protect and recover data against ransomware threats. The solution utilizes physical separation, secure keys, and intelligent AI to ensure data integrity and rapid recovery in a multi-cloud environment, enhancing security and business continuity.

At the seminar, Mr. Nguyen Thanh Dat, Production Director of SONIC, shared insights on defense and recovery strategies for businesses against ransomware threats. The content included common attack methods such as phishing emails and account theft, as well as security solutions like Zero Trust, network segmentation, employee awareness enhancement, and 3-2-1 data backup to ensure rapid recovery.

Mr. Pham Thai Son, Production Director of Vietsunshine, also shared about Pure Storage's solution for protecting enterprise data, which enhances resilience against cyberattacks. SafeMode Snapshot technology enables secure backups, early anomaly detection, and rapid recovery, ensuring data integrity and minimizing losses in the event of security incidents.

Mr. Hoang Hieu, Head of AWS Solutions Vietnam, shared how AWS protects and recovers data from ransomware through system updates, permission management, network segmentation, and secure backups with AWS Backup and AWS DRS, enabling fast recovery, security, and business continuity.

Concluding the workshop, a representative from the CYSEEX Alliance stated that, with its 2025 strategy, the CYSEEX Alliance reaffirms its strong commitment to protecting cyberspace against increasingly sophisticated phishing threats.

By focusing on anti-phishing, the Alliance not only aims to reduce the risk of data theft and financial losses, but also helps maintain the stability and trust of the digital business environment. This will be a solid foundation for individuals and businesses to confidently develop in a safer digital environment.

The Cyber ​​Security Exercise (CYSEEX) alliance is an alliance initiated by MISA in collaboration with Sapo, Viettel Solutions, Bao Viet, Mobifone, and Bravo, with the aim of sharing knowledge and experience to enhance capabilities in preventing and responding to information security incidents in cyberspace.

The CYSEEX Annual Conference, held annually from 2022, is an opportunity to share knowledge and experience, helping members improve their capacity to prevent and respond to cybersecurity incidents.