State agencies’ websites most vulnerable to cyberattacks

December 25, 2019 | 10:05 am GMT+7

Việt Nam reports approximately 26 cyberattacks per day, with Governmental agencies, banks and e-commerce websites the most vulnerable.


 Nguyễn Thành Hưng, deputy minister of information and communications, delivered the data at the Tuesday cyberattack drill for northern provinces in Hà Nội hosted by the Việt Nam Computer Emergency Response Team (VNCERT).

The drill drew the participation of 300 attendants, including about 150 IT technicians and officials from the State agencies, banks and enterprises.
Hưng said that the Government was focusing resources into building a functional e-Government, with the websites or electronic portals being a fundamental part to connect authorities with people and businesses.
So far, 17 of 23 ministries and all 63 provinces and cities of Việt Nam have launched their own websites.
From October 20 to November 17, 744 cyberattacks were reported to VNCERT including 428 malware attacks, 254 phishing scams and 62 website defacement attacks. Việt Nam’s websites, especially those belonging to State agencies, have thousands of security holes, which could allow hackers to gain unauthorised access and interfere with operations and data.
The systems’ low security sophistication can lead to breaches of information related to servers, services, domains or email lists. Failures to update security patches also allow hackers to exploit vulnerabilities and let the number of holes remain high.
"Information security is quite similar to healthcare sector, in developing countries, the focus is primarily on treating the diseases while the developed countries pay a lot of attention to preventive measures," Hưng said, urging State agencies to focus more on protection against attacks rather than how to deal with incidents and breaches when they already occur.
Nguyễn Trọng Đường, deputy head of Authority of Information Security, said the Government should have invested in training the IT labour force and upgraded technology and innovation.
This year's drill focused on websites’ attack prevention and control. Participants were divided into 30 teams and each managed an independent network of servers running on cloud software. Stimulated attacks were carried out in different ways, forcing teams to be flexible in making responses.
Teams were required to perform quick situation analysis, investigation and come up with solutions to resist the attacks, protecting systems, making patches and mitigating further incidents.
A similar event for southern provinces is set for December 26 in Vĩnh Long Province.