Efficient use of Pentest – What did VSEC expert say?

For pentester VSEC - BLOG

Webinar: “Stay Ahead of Cyber Threats”

On March 29, the event “Stay Ahead of Cyber Threats,” organized by Vietnamese Security Network JSC in collaboration with VNG Cloud, was successfully held and left positive impressions on the Vietnamese Tech and business communities. The event featured speakers from renowned cybersecurity institutions, such as Kaspersky, VNG Cloud, VSEC, and Megazone Cloud. The webinar drew in more than 450 participants due to the insightful information provided by industry experts.

In this webinar, Mr. Bui Trung Thanh, a Solution Consultant at VSEC, shared a new method for optimizing the cost of ensuring information security. Pentest is the most method often used for application cybersecurity.

 

PTaaS – Cost and time optimization

“Most businesses today lack a dedicated cybersecurity team, and their engineers lack the skills and knowledge necessary to implement and evaluate information security. That’s why businesses often choose to hire outsource entities to evaluate cybersecurity for their applications,” shared Mr. Thanh.

In addition, Mr. Thanh described the difficulties and limitations of conventional Pentesting, such as time, resources, and skills. To address this issue, a representative from VSEC introduced Pentest as a Service (PTaaS) – an optimized pentesting method that, while not new globally, is not yet wide spread in Vietnam.

PTaaS is a service that offers an automated vulnerability exploitation platform, combining AI/ML to simplify the search, analysis, and reporting of vulnerabilities. This shortens the implementation process and optimizes deployment costs. The combination of technical process automation, engineers’ expertise, and the artificial intelligence of PTaaS ensures the optimal execution processes when evaluating a specific application.

Clearly, PTaaS can help businesses carry out cybersecurity assessments more optimally than traditional methods, reducing costs and evaluation time, and better meeting businesses’ current needs.

Vietnam ranked 8th in top 10 countries on Cyber security 2022

Cyber world trending VSEC - BLOG

According to the National Cyber Power Index 2022* study, Vietnam has made a stunning leap from 20th rank (in 2020) to 8th place (in 2022) on the list of countries with the highest information security capabilities in the world.

The World’s Top 10 Most Secure Countries for Cyber Security in 2022

Notably, Vietnam jumped from 16th to 3rd place on the intent index (which measures the level of interest and investment in Cybersecurity). This is a positive signal in raising the awareness and capacity to ensure information security of the government as well as the community in the country.

Mr. Phillip Hung Cao, Technology Solution Architect, Zero Trust Strategist, shared his thoughts on the report, saying, “Vietnam is in the 8th position in the NCPI 2022 report, showing that we are on the right track in actively creating diverse information safe playgrounds and communities for all ages and all growing together. We need to keep and cultivate an optimistic outlook for the future.”

*In 2020, the Belfer Center at HARVARD Kennedy School published its first National Cyber Power Index (NCPI) study. Mr. Eric Rosenback, Co-Director of the Belfer Center, shared the project’s vision to become a preeminent and rigorous research institution that provides solutions to the challenges faced by national leaders as a result of cyber attacks and conflicts. Organizational leaders can use the information gleaned from these studies to better prepare their armed forces to win a cyber conflict, mitigate the effects of attacks by using legal and regulatory mechanisms, etc. 

Currently, eight indicators—financial, surveillance, intelligence, commerce, defense, information control, destructive, and normative—are used to compile the report. Limitations in the report’s ability to measure such delicate aspects as troop strength, intelligence capacity, etc. were also noted. Vietnam jumped from 20th to 8th on the rank as a result of improvements in many categories, including defense, trade, destruction, and norms. 

Download the report here

According to National Cyber Power Index 2022

Enhance human capacity, assurance the 2nd network safety and security in 2022 at Vietnam Electricity

Event VSEC - BLOG

Following the goal of enhancing the network security capacity of the staff in charge of IT – Information Security at Vietnam Electricity, on December 16, The Vietnamese Security Company Network (VSEC) and VNCert collaborated with Vietnam Electricity to successfully organize the second practical exercise program to assure network safety in 2022 at Son La Hall, EVN building, 11 Cua Bac.

 

 

At the beginning of August 2022, EVN Group successfully organized the first cybersecurity exercise 2022 with the title “Ensuring information security for the ERP system”. During the rehearsal, the participating units were corporations, member units, and power plants that were involved in dealing with actual information insecurity situations on the ERP system. The drill teams demonstrated their information security skills, executed and complied with procedures for responding to information security incidents and receiving incidents, and supporting operations and other processes to ensure safe and stable service provision for EVN’s ERP system.

Following the goal of enhancing the network security capacity of the staff in charge of IT – Information Security at Vietnam Electricity, VSEC, and VNCert collaborated with the Group to organize the second Group-level practical exercise program. The Electronic Office Integrated Information System was chosen as the implementation object in this rehearsal. This is a critical application that is used throughout the Group as well as its member units.

 

 

Mr. Dao Hoang Duong, Deputy Head of EVN’s Department of Telecommunications and Information Technology, stated at the practice that, over the years, with the growth and application of IT in digital transformation, EVN has paid great attention to information security activities and directed its units to perform many tasks of information safety and security.

Mr. Dao Hoang Duong – Deputy Head of EVN’s Department of Telecommunications and Information Technology gave the opening speech

 

Mr. Truong Duc Luong – Representative of The Vietnamese Security Network Joint Stock Company emphasized during the practical exercise: “While we are sitting here, our system is under attack. Therefore, network security is one of the activities that are extremely necessary and cannot be abandoned when we put into operation the information system.”

Mr. Truong Duc Luong – Chairman of the Board of Directors of The Vietnamese Security Company Network (VSEC)

 

The practical exercises are held in person and online. At EVN’s headquarters, there were 6 teams participating in the practical exercises under 3 scenarios: Investigation of digital signatures; Investigation of attacks and exploitation of the security flaw in the electronic office integrated information system; and Investigation of the cause of data loss.

Serious and urgent atmosphere of the practical exercises

 

The practical exercise finished successfully after 5 hours of intensive focus, and the teams also achieved outstanding results. Participating units acknowledged pleasure after receiving more helpful information, knowledge, and skills for application and deployment for activities to ensure network safety and security at their units.

The organizers awarded prizes to the teams

 

The first prize belongs to Ho Chi Minh City Power Corporation  

 

Mr. Truong Duc Luong expressed on this practice “VSEC is honored to have accompanied Vietnam Electricity from the early days when the exercise was simulated and now it is a practical exercise, we can witness the amazing improvement of the security personnel via the practices – these are also the great values that the practice ensures the safety and network security bring.”

Shortage of cyber security personel – Attractive opportunity to develop your career

Cyber world trending VSEC - BLOG

Building a team of high-caliber Cybersecurity specialists is regarded as one of the solid foundations for ensuring the national Cybersecurity framework and realizing Vietnam’s aspiration to become a global information security superpower.

As Minister of Information and Communications (MIC) Nguyen Manh Hung shared: “We must build a team of Cybersecurity specialists as the core. Particularly in the field of Cybersecurity, both good experts and industry play an important role. In addition to enterprises and tools, there must be outstanding individuals. Due to the fact that the tool only tackles known vulnerabilities. Unknown vulnerabilities can only be addressed by experts.”

According to the Information Security Center (ISC), the global scarcity of cybersecurity talent is estimated at more than 2.7 million positions. Although this number is lower than last year’s figure of 700,000, it continues to demonstrate a significant shortage of cybersecurity personnel. This workforce shortage is most severe in the Asia-Pacific region, where an estimated 1.42 million individuals are required – the largest shortage of any region in the whole world. This problem is not an exception in Vietnam. According to the Information Security Department (Ministry of Information and Communications), the human resources in Cybersecurity have failed to meet the demand in terms of both quantity and quality, particularly in the locality. By the end of 2020, Vietnam’s civilian force in Cybersecurity is estimated to consist of 50,000 individuals, while by 2021, we will require approximately 700,000 individuals. Therefore, Vietnam faces a paucity of human resources in Cybersecurity.

This significant demand creates extremely potential opportunities for those who are pursuing the field of cybersecurity with salaries and benefits that are considered one of the most attractive in the labor market today. However, the journey to pursue the path of becoming engineers and cybersecurity experts will also face many difficulties and challenges.

In fact, cyberattacks around the world, including in Vietnam, have grown in scope, complexity, and sophistication, with an increasing level of destruction. As a result, the quality of Cybersecurity human resources is another issue that requires consideration. Many young individuals who are interested in the Cybersecurity industry, or those who are studying and have a passion for this field, are still unsure about the path and direction of their personal growth in the Information Security industry.

With the objective of providing young personnel in the cybersecurity industry with a clear understanding of the industry, direction, and motivation to pursue careers as future cybersecurity experts, Cyber Security Technology Village organized the Seminar: “Cyber Security Training in Vietnam” within the framework of the TECHFEST 2022 series of events hosted by the Ministry of Science and Technology. Students and IT personnel who are interested in cybersecurity will find this event to be extremely beneficial and informative due to the participation of top-tier cybersecurity experts.

👉Register for the Workshop here: https://forms.gle/obX1Ka6JgEgYfHgQ9