Vietnamese businesses worry about being blackmailed by malware

After WannaCry, the most constant concern of Vietnamese businesses when it comes to information security is the fear of being blackmailed by malware.

“The obsession is that when we surveyed, 100% of businesses said that the thing they are most worried about regarding cyber security is ransomware,” said Dr. Vo Van Khang, Vice President of the Southern Branch of VNISA Information Security Association, at the Vietnam Information Security Day 2017 held this morning, November 23 in Ho Chi Minh City.

A WannaCry ransom note.

The WannaCry attack broke out on May 12. A total of 240 units in Vietnam, mainly businesses, suffered damage from this malware, with an estimated loss of several hundred million VND. Of which, a company in Hanoi owns 40 servers and 7 servers infected with the malware, and spent about 100 million VND to fix it.

The evolution of ransomware is predicted to be more complicated. Rival businesses can take advantage of ransomware attack services as a tool to sabotage each other.

“Currently, there is also a ransomware attack service on the market. This service provides a very simple infrastructure for attacking and spreading malware. Even people who are not very tech-savvy can use these tools to spread malware to blackmail businesses. In our opinion, the ransomware market continues to grow,” said Mr. Khang.

In a survey on the information security situation in the Southern region recently published by the VNISA chapter, in response to concerns about continued ransomware attacks, more than 61% of organizations and businesses surveyed have applied data encryption measures for important information. Up to 89% are interested in data backup methods.

According to a report by security firm Symantech, Vietnam is in the top 10 countries with the highest detection of cybercrime and is also one of the most targeted cyberattacks in 2016.

The level of information security awareness of enterprises has also improved. Nearly 69% have a dedicated information security officer. More than 75% have implemented an information security policy. Regarding the ability to detect cyber attacks, nearly half of organizations believe that they have not been attacked and many enterprises fully monitor each time they are attacked.

However, up to now, most businesses still invest less than 5% of their total investment capital in information technology. Only less than 30% have a high investment rate, which fluctuates between 10-15%.

According to a report by security firm Symantech, Vietnam is in the top 10 countries with the highest detection of cybercrime and is also one of the most targeted cyberattacks in 2016. According to Kaspersky Lab, Vietnam is in the top 3 countries affected by attacks on IoT devices, just behind China and higher than Russia.

“By the end of October 2017, there had been a total of more than 11,000 different cyber attacks. At the APEC Conference, we discovered 27 targeted attacks on the summit system and the press center, 17 vulnerabilities were discovered and thousands of potential attacks,” Minister of Information and Communications Truong Minh Tuan informed the National Assembly a few days ago.

Mr. Nguyen Trong Duong - Director of Vietnam Computer Emergency Response Center (VNCERT) said that the issue of concern is the lack of human resources. "In the coming time, there needs to be a solution to develop human resources for the information security industry. We must build a rescue team with sufficient capacity and timeliness when an emergency situation occurs," he said.

According to VNE