Vietnam’s lawmakers ratified a law on safety in the cyberworld on Thursday, at a time when the country is at high risk of cyberattacks and already being impacted by hackers.
The law on online information security, including regulations on preventing and fighting online terrorism, will take effect on July 1, 2016, according to the lawmaking National Assembly.
A survey conducted by Russian security software firm Kaspersky from June to August this year found 30 percent of Internet users in Thailand suffered web-borne malware attacks, with Vietnam ranking eighth, according to the Bangkok Post.
Vietnam, Thailand, China and Russia are among the prime targets of hackers, according to Yury Namestnikov, a senior security researcher at Kaspersky.
In the first nine months of this year, 18,085 Vietnamese websites, including 88 state-run platforms, were infected with malicious software, according to the Vietnam Computer Emergency Response Team (VNCERT).
Cybercriminals also spread phishing viruses to 5,368 websites while 7,421 others were defaced during the period, the VNCERT said in a report.
Website defacement is an attack on a website's visual appearance, while phishing viruses allow hackers to steal sensitive information such as usernames, passwords, and credit card details from victims.
Cybercriminals mostly target small- to medium-sized enterprises as well as individuals to steal financial information and demand ransoms, according to Nguyen Huu Nguyen, director of the Ho Chi Minh City branch of the response team.
“Hackers also use their own malware and viruses to attack financial institutions and banks to steal money, or target social network users for phishing and fraud purposes,” Nguyen said.
Many trade, import-export and foreign-invested companies in Vietnam have fallen victim to cyberattacks because they have valuable information available to hackers, and lack the necessary Internet security protocols to fight against them.
Multiple firms have suffered damage worth hundreds of thousands of U.S. dollars due to business data being stolen, the Vietnamese Internet security training center Athena said.
According to a data center, in Ho Chi Minh City alone, 60,000 cyberattacks of various kinds were detected and stopped in the January-September period.
Hackers mostly targeted websites run by the city’s departments of planning and investment, health, and justice, as well as its online portal.
Last year the Ho Chi Minh City online portal was hit by 2.5 million cyberattacks, according to the data center.
Changing defensive methods
Experts say that with the number of cyberattacks rising, it is advisable for Vietnamese firms, state agencies and Internet users to improve their cyber-defence in order to stay safe.
“Most state agencies and companies only use basic defensive methods such as firewalls or antivirus software, and this is not enough,” Nguyen, the VNCERT Ho Chi Minh City director, said.
The defensive solutions being used in Vietnam are lagging behind the constantly changing and improving offensive methods, according to Do Ngoc Duy Trac, deputy head of CSO, a Vietnamese cybersecurity training institute.
“Most organizations and firms use cybersecurity solutions and software supplied by a third party, which are unable to deal with new methods of attack,” he said.
“The employees tasked with online security at these entities are spread too thin and therefore fail to counter the hackers.”
It must be accepted that all systems can be compromised and it is impossible to stay completely safe from hackers, Trac said.
“So what matters is not to try and combat hackers, but to detect attacks early,” he said.
“When you are aware of an attack before it happens, you can evacuate your sensitive data to safer places, so the cybercriminals cannot steal it even though they have broken into your system.”