Digital Society Management and Decree 53, which guide the implementation of a number of Cybersecurity Law articles

Decree 53/2022/ND-CP guiding the implementation of a number of articles of the Law on Cybersecurity will take effect on October 1. With the technology development, especially the connection technology infrastructure in the globalized world, these are the necessary regulations that VSEC experts will share the following from the perspective of the supplier: provide network security services.

Interview with Mr. Truong Duc Luong – Chairman of VSEC

Question: We have recently received contact from a number of foreign newspapers  and members of the community who are keenly interested in Article 26 regarding regulations for foreign enterprises providing cross-border services. As a network security expert, could you provide your perspective on this matter?

Mr. Truong Duc Luong: Within the framework of the law, I think it is necessary to have regulations like this. With the development of technology, especially technology infrastructure, it has made connecting easier than ever. Technological applications have also created a parallel society to the real society in which we live every day. We can call it a digital society. Digital society has many common features of real society and also has many unique features. The most basic feature is borderless, identity. Digital society, besides the positives, also comes with many negatives like the real society, and the development of the digital society also needs to be accompanied by management measures to help the population to be less affected by negative impacts such as intimidation, fraud, fake information, etc. 

VSEC – The first MSSP service provider in Vietnam to achieve CREST international certification for Pentest and SOC services 

Many technological tools, like the Internet and social media platforms, etc., originate from the West and bring with them Western philosophies and cultures. Digital society can therefore be said to be built mostly from the West. And in the development process, the conflict between the real society and the digital society is understandable when the borderless nature is different from the borderless nature of the real society. These contrasts are evident in areas like perceptions of freedom, business practices, and tax views. 

Mr. Truong Duc Luong – Chairman of VSEC. 

This brings us to the content of Article 26 of the Decree, which defines the types of enterprises/businesses that will be governed by the law. These are companies in the fields of communication (social networks), finance (payment gateways), and commerce (markets, electronic floors). Managing real society and digital society, in my opinion, real society must be prioritized because incidents in digital society can cause significant damage in real society. Numerous examples in the media have demonstrated this. A digital society can emerge from anywhere in the world due to its borderless nature. Therefore, the management of the digital society will be difficult to achieve effectively without a real way of linking between the manager and the unit that creates the digital society. 

Currently, article 26 is carrying out methods including: Storing identity data in Vietnam and Setting up offices/branches in Vietnam. In the future, there may be other methods. However, for now, I think these two tools are enough to start. In my opinion, there are some following reasons. Firstly, electronic transactions and the inherent nature of identity technology are often weak. As a result, detailed requirements for the information to be stored will make it feasible to enforce management when issue occur. Secondly, the law was introduced in 2018, and now after 4 years, businesses in Vietnam have had a certain growth to meet the technical requirements of modern storage. Thirdly, legitimacy is important in management. Additionally, when there are people who have the authorities to work and be present in Vietnam, it has created more efficiency in coordination, management information or handling issues. Therefore, having offices or branches of “virtual society” companies in Vietnam has had great effects on managers. 

The proposed law will often take time to put into practice and adjust accordingly. I hope the law will be a good tool for the virtual society to become healthier and more positive, bringing good value to the real society

Thank you Mr. Truong Duc Luong,

Learn more about Decree 53/2022/ND-CP here

Source: VSEC

In the final months of the year, consumers in Vietnam and around the world tend to shop more when the commodity market shows signs of stabilization and when Christmas and the Lunar New Year are approaching. This is a golden time for shopping, as well as the month of December in which hackers and scammers can increase their online fraudulent activity.

According to the Ministry of Industry and Trade, the total retail sales of consumer goods and services in the third quarter of 2022 were estimated at VND 1,450.4 trillion, up 3.8% from the previous quarter and 41.7% from the same period the previous year. In the first nine months of 2022, total retail sales of consumer goods and services are projected to increase by 21% over the same period last year, with the first quarter showing a 5% increase, the second quarter showing a 20.1% increase, and the third quarter showing a 41.7% increase.

Crime increase in the last months of the year

E-commerce or shopping applications are believed to be an essential factor in promoting year-end consumption, particularly when consumers prefer online shopping following the Covid-19 epidemic’s fluctuations. This is also the time of year when consumers and sellers are most at risk of hacker attacks if they are not vigilant while shopping online. Here are a few types of attacks that consumers should pay special attention to.

1. Impersonating employees of companies/brands giving gifts

Scammers obtain shopper contact information by impersonating post office workers or customer service agents of some companies, who provide warranty upgrade information, promotions, or gift announcements. The gullible consumer will supply information or pay a fee or tax in order to acquire the freebie.

In addition, numerous subjects impersonated bank employees and money-lending companies in order to obtain personal information from users, such as social security numbers, certificate of land use rights, etc. 

2. Stealing personal information on social networking sites

Numerous subjects commit cyber fraud by stealing personal information from social networking sites and chat applications in order to borrow money, preying on the credulity of victims. Experts recommend that consumers “slow down” in order to verify the veracity of the information exchanged and contact their acquaintances through alternative communication channels.

3. Creating fake social media accounts

As the platform for chat applications, social networks make it simple to establish accounts; many con artists take advantage of this to create fake social media accounts. Targets are online merchants on e-commerce websites. In order to steal information and hack the seller’s bank account, the subject will request a bank account number with internet banking, account holder name, phone number, etc. when ordering products online.

To receive money, the scammer will send a message stating that the account has been credited and requesting that the recipient access a link and update all login information and the OTP code. 

4. Impersonating a banker/police agency/procuracy, etc.

The scammer will pretend to be a bank employee or a police officer and inform you that your bank account is having problems, errors, cases, etc. When a recipient is concerned, they may be tempted to supply a pin code, card information, a phone number, and a link to access the login and account information. 

5. Creating fake sales and investment information pages

Sophisticated fraud occurs when scammers create fake sales websites. Fake websites or names of reputable sales units, inexpensive sales pages, and inducements for customers to log in to their shopping accounts in order to steal credit card information, or establish websites for financial investments, virtual money with extremely high interest rates. After customers have participated in the investment for a period of time, the objects will actively destroy the fake website in order to steal the customers’ investment funds.

Experts advise consumers to be wary of any information related to requests for personal information or bank account information. In addition to us, users may also create additional multi-factor authentication.

Source: Synthesis

In most cases, the expense of fixing a data breach can exceed the company’s actual financial expenses, etc.

Most businesses are worried about cybercrime (65%), mobile fraud (41%), email (40%), cloud data leakage (38%) and other similar threats. (Illustration).

PwC’s latest 2022 Global Digital Confidence Survey polled over 3,500 CEOs from 65 different countries. Accordingly, 27% of businesses around the world have lost $1 million to $20 million or more due to a data breach in the last three years.

Despite having sustained millions of dollars in losses from cyberattacks, less than 40% of executives surveyed reported having fully mitigated cybersecurity risks in several areas, including: telecommuting and flexibility (38%); accelerating cloud adoption (35%); increasing use of the Internet of Things (IoT) (34%); increasing digitization of supply chain (32%); and office administrative activities (31%).

Moreover, senior executives voiced concern that their companies lacked the resources necessary to effectively counteract the growing threats. Cybercrime (65%), mobile fraud (41%), email (40%), cloud data leak (38%), hacking/account hijacking of business email (33%), and ransomware (32%) are on top list of risks in the cyber environment in 2023. Security in the supply chain becomes a major issue for operational executives.

Though transparency regarding cyber incidents is desired, only 56% of CEOs believe that their company can give information about a critical incident within a predetermined time frame. 70% of CEOs in businesses worry that increased openness and transparency may cause them to lose their competitive edge. 

INCREASE NETWORK SECURITY BUDGET

Sixty-nine percent (69%) of the business owners polled indicated their companies are allocating more money to security this year, and another 65 percent said they wish to invest more in 2023.

“Companies should establish a clear and consistent reporting system; have a contingency plan to respond quickly to ensure the system’s continuity; and prioritize building a network security risk management strategy.” Mrs. Nguyen Phi Lan, Deputy General Director of PwC Vietnam.

The majority of CEOs (52%), said they will take greater action to address cybersecurity in the future years and will push for substantial initiatives to strengthen cybersecurity. 

Some CFOs are also planning to prioritize cybersecurity, which includes investing in technological solutions (39%), prioritizing strategy and coordinating it with engineering/operation (37%), and working to enhance their cybersecurity expertise and hire qualified staff (36%).

According to the marketing leaders surveyed, the true cost of data leaks much exceeds the hard numbers. Loss of clients (27%), loss of customer data (25%), and reputation/brand damage (23%) are just some of the ways in which businesses have been harmed by data leaks or personal data incidents over the previous three years. 

The Deputy General Director and Head of Risk Management at PwC Vietnam, Mrs. Nguyen Phi Lan, advises businesses to develop a strategy for managing network security risks, prepare for potential disruptions to the system and implement clear and consistent reporting procedures.

Source: Vneconomy

Taiwanese PC company MSI (short for Micro-Star International) has officially verified that their system is under a cyber attack.

After detecting “network anomalies”, the company implemented “immediately” initiated measures to handle the problem and also notified law enforcement agencies. However, MSI did not disclose specifics when the attack occurred or whether exclusive information, such as source codes leaked out.

“Currently, the affected systems are progressively returning to normal process, with no significant impact on financial operations”, according to a brief statement from the company.

According to a regulatory filing with the Stock Exchange of Taiwan, enhanced controls over the network and infrastructure have been implemented to ensure data security. MSI encourages users to only download firmware/BIOS updates from their official website, rather than from any other sources.

Money Message, a new ransomware group, has recently added the company into their victim list. Late last month, the threat was brought to Zscaler’s attention.

In the analysis published by Cyble, the experts noted: “This group applies a double blackmail technique to attack the victims, involving filtering before encrypting the victim’s data”. “Unless ransom is paid, they will upload data to their breach website.”

The development occurs one month after Acer disclosed their own mistakes leading to 160GB of secret information theft. Such data was advertised on March 6th 2023, for sale on BreachForums and is now defunct.

According to The Hacker News.