Cyber attacks have revealed the Achilles heel of not only new startups in the market, but also the world’s technology giants.

The attack on an advanced centrifuge development and assembly plant at Iran’s Natanz uranium enrichment facility in 2010 exhibited the complexity of the Stuxnet virus that sabotaged Iranian enrichment centrifuges. 

Up to 1,000 centrifuges out of 5,000 were eventually damaged by the virus, which attacked Windows systems using an unprecedented four Zero-day exploits, according to reports.

This is also one of the largest and most damaging Zero-day attacks in the world.

A Zero-day is a computer-software vulnerability either unknown to those who should be interested in its mitigation or known and a patch has not been developed. 

Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network in order to carry out illegal actions, causing damage to individuals and businesses.

In the current era of strong digital transformation with countless technological applications in life, security holes have created a fertile ground for hackers to profit from and cause harm to billions of users on the Internet.

The affected users can be individuals in financial frauds, cases of distribution of sensitive information, agencies, and organizations. 

Hackers will take advantage of vulnerabilities to attack and embed malicious codes in software to control the systems of their targets. 

The SolarWinds hack was a notorious example as up to 18,000 SolarWinds customers were thought to have originally received the malicious code while nine federal agencies and about 100 private sector companies were compromised.

Information security at startups

According to statistics, damage caused by computer viruses reached a new record in Vietnam, exceeding US$1 billion in 2020. 

In 2021, security holes have increased as many organizations and businesses are forced to open their systems to the Internet so that employees can access and work remotely during the COVID-19 pandemic.

Experts recommend that businesses build a long-term information security strategy, as well as regulations and procedures to prevent, handle, investigate, and respond to crises in case of information security loss.

It is also necessary for enterprises to ensure information security for end users, one of the links containing the most weaknesses, by regularly implementing awareness-raising activities and equipping them with skills to protect network security.

Enterprises can consult experts or refer to standard programs to build their own that is closest to their business conditions. 

At the same time, businesses should also conduct independent cyber security assessments and red teaming campaigns through professional information security testing service companies to review their current security response and protection capabilities.

However, startups with limited financial conditions often neglect to invest in information security. 

Experts recommend that the building phase of a company is the best time to grow a security culture, even with small financial potential. 

Companies need to control security throughout the life cycle of their products by applying information security standards such as OWASP, providing information security knowledge for application development and operation teams, and controlling utilities supplied by third parties.

Giant brands among the targets

Hackers not only attack international software with billions of users but they also target local technology products in countries with a large market of Internet users. 

Experts say that with 70 percent of the population using the Internet and utilities such as social networks, Vietnam is considered a very attractive target for cybercriminals.

In early August, hackers put many security holes for sale to take over user accounts of Zalo and Zalo Pay -- the leading chat and payment applications in Vietnam with more than 100 million accounts.

Pundits believe that if those vulnerabilities are mastered, hackers can easily access Zalo user accounts and view all messages, photos, and private data.

However, VinCSS Internet Security Services LLC timely detected the fatal vulnerabilities, helping Zalo to fix them and leaving no consequences.

VinCSS also widely shared information about the security breaches and its resolution with the community, which then became a reference for businesses and people interested in network security, as well as a reminder for users to increase vigilance of information security.