At noon on March 26, it was exactly 3 days since VNDIRECT's system was attacked by a cyber attack, disrupting transactions for this securities company and its investors. In a report on the incident sent to the State Securities Commission, stock exchanges, and Vietnam Securities Depository and Clearing Corporation, VNDIRECT said the enterprise's technology team coordinated with experts. IT and network security of FPT and Viettel to restore the system.

Both Hanoi Stock Exchange - HNX and Ho Chi Minh City Stock Exchange - HoSE have temporarily disconnected VNDIRECT's trading connection to these two exchanges since March 2 until the problem is completely fixed. full.

W-thong-how-tam-ngung-ket-noi-delivery-1-1.jpg
Both Hanoi and Ho Chi Minh City stock exchanges have temporarily disconnected VNDIRECT's trading connection to these exchanges from March 2. Photo: Van Anh

Although VNDIRECT claims "All customer information and assets are guaranteed to be safe and unaffected", many investors are still worried. Sharing with VietNamNet reporters, Ms. AMV (Hanoi), a retail investor participating in transactions through the VNDIRECT system, said: “Not only am I afraid that my personal information, accounts, and money in my trading account may be taken over by hackers, in the past 2 days I have also not had the opportunity to 'make profits, cut losses' due to trading activities being interrupted. discontinuity. What I am also very interested in is what kind of compensation policy VNDIRECT will have for investors."

Notably, right after the incident where the VNDIRECT system was attacked by hackers, leading to the unit's securities trading system temporarily stopping operations, the State Securities Commission (Ministry of Finance) has just issued an urgent dispatch to the unit. Securities companies and fund management companies to warn about the security of online stock trading systems.

Specifically, to ensure the safe, stable and smooth operation of the stock market, the State Securities Commission has required securities companies and fund management companies to ensure IT systems and infrastructure. The backup database operates safely and continuously in accordance with the provisions of the Securities Law 2019. 

Proactively review and immediately check security plans for the company's IT system, especially stock trading systems and systems connected to the Internet to promptly fix security holes ( if any).

Securities and fund management businesses are also required to urgently check online trading processes, control risks, backup systems and data, and manage and operate IT systems. At the same time, develop measures to respond to and overcome potential security risks.

In case of detecting signs of insecurity, companies must be proactive, concentrate resources to handle, overcome and promptly report to the State Securities Commission, stock exchanges, and the General Assembly. Vietnam securities depository and clearing company and functional agencies to coordinate direction and handling. 

W-su-co-tan-cong-mang-vndirect-1-2-1.jpg
Information security experts advise investors to change their trading account passwords immediately after the VNDIRECT system resumes operations. Illustration photo: Pham Hai

Exchange with VietNamNet, giving advice to investors and businesses from the perspective of personnel working for many years in the field of information security and network security, an expert suggested: Investors participate in transactions through the system of VNDIRECT should change the password of the trading account as soon as this securities company's system returns to operation.

“Enterprises and organizations need to review the system, deploy enhanced technical plans, especially prepare scenarios when an attack occurs, fully backup data, ensure storage in 2 places, independent of geographical location", information security experts recommend.

Information security experts also believe that the attack on the VNDIRECT system is a warning for all securities companies as well as financial institutions to proactively review their network security systems. Securities companies are also one of the organizations that invest heavily in IT systems, including network security.

However, it is clear that these businesses still need to have new ways of doing things, instead of just focusing on investing in technology. Specifically, it may be time for securities companies to ensure network information security for the system according to the "4-layer" defense model guided by the Ministry of Information and Communications. Accordingly, an organization needs to have an on-site network security force, organize regular network information security inspections and assessments, hire professional network information security monitoring services, and connect and share information with customers. National cyber monitoring center.

Transfer to the police in case the VNDIRECT system was attacked by a cyber attackVNDIRECT Securities Joint Stock Company confirmed that the system was attacked by a cyber attack and the problem was fixed. According to VietNamNet's own source, this case has been transferred to the police agency for investigation and handling.