Mr. Nguyen The Dong – Director of the Athena Rapid Response Computer Incident Center in Ho Chi Minh City – stated that not long ago, a corporation from Northern Europe investing in the southeastern region had to halt its production line for two consecutive days due to a Trojan infection in their computer system – a type of virus that steals information and can paralyze computer systems.
Weak Network Systems
The aforementioned Northern European corporation, despite having made substantial investments in its computer systems, faced significant operational disruptions. For many small and medium-sized enterprises (SMEs) in Vietnam, the consequences could be even more severe if their network systems are not properly maintained. According to a survey of 415 companies in Ho Chi Minh City, Dong Nai, and Binh Duong conducted by Athena and Saigon Computer Newspaper, many of these firms have limited use of shared databases, leading to scattered information that is easy to lose and not updated consistently. Many companies still lack a system and policies for data backup in case of incidents. Although 87% of surveyed companies have designated individuals responsible for managing network systems, only 36% of these individuals have degrees in information technology. The number of individuals with international certifications in network management is even lower, at just 18%. Due to the thin and unqualified workforce in network management, many companies have weak and inconsistent security policies. For instance, there are few clear regulations regarding employees’ use of the Internet and IT devices within the organization, and even if such regulations exist, they are often not enforced rigorously.
The survey results also indicated that only 25% of companies have user rights management, grouping users, and creating shared folders and drives. However, the number of companies with information storage on servers and regular risk prevention measures is very low, at just 15%. Although 100% of companies have antivirus software installed on their systems, only 19% of them utilize automatic updates of antivirus software when users log into the network system. The prevalence of outdated antivirus software, lack of fundamental virus protection solutions, and inadequate measures against spyware, spam, and web filtering is quite common among businesses today. Only 8% of companies use firewall systems, and 14% utilize network monitoring tools, but most do so infrequently and ineffectively, reflecting a lack of awareness and concern from these businesses.
Surge in Virus Attacks
Mr. Pham Trong Diem – a security expert from Nam Truong Son Company – believes that there is currently a surge in virus attacks globally. Statistics from January to October 2005 show that nearly 2.6 million virus types have emerged worldwide, averaging 11,500 new viruses each day, with systems facing a new virus attack every 7 seconds. Spam emails and virus attacks via email are also becoming increasingly common. In 2005, the proportion of emails containing viruses rose to 1 in 75. Cyber attacks have increased tenfold compared to a decade ago. Therefore, according to Mr. Diem, companies need to chart the explosion of viruses to develop preventive strategies for their computer systems.
In Vietnam, within the framework of the aforementioned survey, 91% of companies experienced virus or Trojan infections in their computer systems, with email-based virus attacks affecting 97% of firms. Additionally, companies frequently encounter hardware, software, database, web, and Internet issues. Mr. Nguyen The Dong noted that the results of the survey indicated that companies are investing little or just maintaining the status quo regarding computer system security, as they have not fully assessed the risks and consequences of incidents. Mr. Pham Trong Diem pointed out that the forms of virus attacks are becoming increasingly diverse and sophisticated; therefore, if the network information security measures in companies are not professionalized and regularly updated, it will be challenging to avoid damaging attacks.
