Achilles heel in digital age
Just finished booking a plane ticket, a series of messages came to invite you to buy a passenger taxi service. Just received a new apartment, countless phone calls ask if you are looking for an interior designer. That’s when you know your information has been sold and your privacy has been compromised.
How do we keep our information private? Information Security (ATTT) is the key to dealing with any security “holes” in the data system, helping to protect your privacy.
Especially with the current trend of digital transformation, all types of large and small businesses from multinational corporations to SMEs and start-ups are starting to store data in the cloud, and information security is the core to help businesses. stand firm against four security threats.
Attending the Webinar “Achilles’ heel in the digital transformation era”, Mr. Truong Duc Luong – Founder, Chairman of the Board of Directors of Vietnam Cybersecurity Joint Stock Company (VSEC) – a certified information security management service provider receiving international CREST for both security assessment services (Pentest) and security operation monitoring center services (SOC) had candid sharing with Mr. Ta Ngoc Hieu – Engineer Manager of Tyme Bank – a One of the fastest growing digital banking groups in the world.
At the webinar, the speakers explained how ATTT secures data for users, as well as the opportunities & challenges of this industry in Vietnam.
Not all businesses prioritize security
According to Mr. Truong Duc Luong, from the post-pandemic impact of the Covid-19 pandemic, digital transformation is taking place more and more strongly in most large and small businesses.
However, the need to use information security in every industry is not the same. The digital transformation process will help us clearly see the differentiation of information security priorities in different types of businesses, for example:
In banks and e-commerce platforms, ATTT will be the mainstay and top priority. Because digital banks are very vulnerable to attacks, as well as commerce platforms need high security for huge data about “online shopping behavior”.
In the state sector, information security is only prioritized with a sufficient cost. When the budget for information security in state-owned companies is not large enough, the level of information security will not be as high as the two industries mentioned above.
Finally, in the group of technology – education (EdTech) and health sectors, information security is the least prioritized. Although businesses know they need information security, they have not really focused on the budget for information security.
Building “trust” when working with partners ATTT
From the perspective of customers using ATTT
When a company decides to hire a 3rd party to do security services (outsource), it means they have to give all their data to another party. How to safely choose the gold sending face when all data is confidential?
For specialized specialized industries (such as finance, banking), the company itself needs to have a department specializing in information security to have enough expertise to cooperate with 3rd parties.
From the perspective of an ATTT . service provider
From the supplier’s perspective, Mr. Luong said that the supplier itself is also likely to be used by bad guys to attack the customer’s company. Therefore, it is always necessary to take preventive measures to warn guests and promptly handle them.
Mr. Luong proposed, to prevent the risk of being infiltrated by bad guys, ATTT can use “Zero Trust”. This is a popular security term in cybersecurity today, being applied by technology giants like Amazon or Microsoft. Zero Trust will require all users whether inside or outside the organization’s network to be authenticated, authorized before being granted or kept access to data.
Security services may sound “far away” to many people, but Mr. Luong also added that the trend of outsourcing security services will no longer be the distant future but the most optimal solution for businesses.
“Before embarking with a partner to build an information security system, businesses must have a plan to equip the infrastructure beforehand. You can’t convert numbers without a plan. For example, a telemedicine company must develop technology to support telemedicine first, and then think about outsourcing security services to protect that system,” said Luong.
Vietnam still lacks security personnel
Sharing at the webinar, experts said that Vietnam has the ability to learn and adapt very quickly to technology, thereby capturing the trend of digitization. Not only that, global job opportunities for the information security industry are plentiful when world statistics show that businesses are short of a total of about 4 million information security engineers.
However, ATTT poses a big challenge in terms of professional training when this industry is still relatively new, and not many engineers graduate with formal degrees. Most of today’s information security engineers still have to tinker with all kinds of learning sources everywhere, leading to a lack of highly specialized human resources. In addition, the job of information security also needs to be persistently pursued for a long time, easy to “break the burden”.
“To make it easier to imagine, we can compare ATTT engineers with programmers. Programmers can immediately see the finished product they make on the App Store after developing the app, but it takes ATTT engineers at least 2 years to see this result. In general, the biggest challenge of the information security industry in Vietnam today is still the shortage of personnel,” said Luong.