VNDirect suffers a setback - Information security is a matter of survival.

Compared to the VPS attack nearly three years ago, the attack at VNDirect is more serious.

According to an analysis by a technology expert, the complete system shutdown and the lengthy service recovery time raise suspicions that hackers may have penetrated quite deeply into the system.

According to this expert, finding the full cause of a cyberattack typically takes one to two weeks. Administrators and experts will have to trace every clue to reconstruct the entire attack, thereby finding vulnerabilities and developing countermeasures for the future. Furthermore, there are usually three risks when a securities company is attacked: disrupted trading, causing economic losses to investors; leaked personal information; and compromised or changed account passwords.

Currently, VNDirect affirms that all customer information and assets are secure and unaffected. The incident only affected transactions.

A crucial factor requiring early defense.

Speaking to readers of Investment Newspaper at the Talkshow "Technology 'Transforming' Customer Experience" held earlier this year, Mr. Nguyen Phuc Nguyen, Director of Information Technology at Bao Viet Securities Company (BVSC), described the consequences of an attack on securities companies' systems as "terrible."

"In the securities industry, security is a 'vital' factor. Securities companies have the unique characteristic of real-time data and instantaneous transactions, so the consequences of an attack would be devastating. Therefore, from the moment they begin providing online services, service providers must build defenses against attacks and security barriers," Mr. Nguyen emphasized.

Not only in the securities sector, but also in the banking and finance sector, secure investment is a significant investment for organizations. Mr. Luong Tuan Thanh, Director of Technology and Digital Transformation atOCB Bank, stated that OCB's current defense system comprises three layers: protecting customer data, protecting the bank's systems, and protecting daily banking and financial operations.

"One highly regarded concept regarding public security is 'zero trust.' This means that even in banking systems and information security systems, no one should be trusted, not even bank employees or IT personnel, to ensure safety and security during operations."

According to Mr. Thanh, major cyberattacks and security breaches target specific sectors, so in the banking sector, banks share information about risks and interbank attacks to support each other in defense. Banking systems primarily utilize data-driven systems to monitor unusual behavior, transactions, or anomalies within the system, enabling early and automated defense. By the time an attack is detected, it's often too late. That's why automated defense and preparation are crucial to ensure security.

Regarding the incident at VNDirect, the securities company is currently working with partners, including leading technology corporations in Vietnam, and coordinating with the Cyber ​​Security and High-Tech Crime Prevention Department (PA05) and the Cyber ​​Security and High-Tech Crime Prevention Bureau (A05) to ensure the prevention of similar incidents to VNDirect and maintain market safety.

In addition to building defenses against attacks and sharing information to support each other in defense, in today's cyber environment, financial institutions also need to focus on supporting customers. As with the securities sector, Mr. Nguyen Phuc Nguyen emphasized the need to help customers better protect themselves through various means such as product design, trading methods, and customer communication…

Sometimes, simply clicking on a link can lead to a customer's password being stolen quickly. Even in the stock market, attacks can sometimes be as simple as someone buying a stock without actually transferring the money... These are all real risks for customers.