In today's digital age, securities account protection and information security have become a top priority for every organization, especially in the financial and securities sector, where information security not only affects business operations but also concerns the interests of millions of investors. The most recent cyber attack at VNDirect, one of the leading securities companies in Vietnam, has raised concerns about the ability to ensure information security in this industry. This is not only a technical issue but also a lesson in risk management and incident response.
1. Understand the Problem and Respond Quickly
First, understanding the nature and scale of the incident is an important first step. VNDirect promptly announced the incident and assured customers that their information and assets were safe. This helped to reduce confusion among the investor community and build confidence that the company was in control of the situation.
Since 10:00 a.m. on March 24, VNDirect's system has been hacked, resulting in inaccessibility to date. As a result, investors with accounts at VNDirect are having difficulty making transactions on the stock market. According to information from a representative of the Information Technology Department under the State Securities Commission, the responsibility for maintaining a stable trading system belongs to the securities company itself.
According to information from VNDirect, the attack started at 10:00 a.m. on Sunday, March 24, 2024, and was carried out by an international organization, causing the entire trading platform to be temporarily disabled. Although the incident has been resolved, due to the large amount of data that needs to be processed, the company still needs more time to reconnect the entire system. VNDirect has also cooperated with leading technology companies in Vietnam and cybersecurity agencies to prevent similar incidents, ensuring market safety.
2. Protect securities accounts and customer assets
For securities companies, protecting securities accounts and ensuring that customers' assets are always safe even when the system is down is a top priority. VNDirect has done this by confirming that all customer information and assets were not affected by the attack. The company has also worked quickly with technology partners and cybersecurity agencies to ensure the system is safe and prevent similar incidents in the future.
Associate Professor Dr. Nguyen Huu Huan, from the Ho Chi Minh City University of Economics, emphasized the responsibility of securities companies in ensuring the safety of investors' accounts. He said that although investors' money is still kept safe in banks, the main risk from cyber attacks for securities companies lies in the disclosure of customer information. He affirmed that securities companies need to have a backup data system to protect customer information in the event of an attack.
According to Article 20 of Circular 121/2020/TT-BTC, securities companies providing online trading services must ensure data security and confidentiality, and prepare backup systems and alternative plans in case of incidents. Mr. Huan warned that attacking the backup system is a dangerous situation, while attacking websites often leads to the disclosure of customers' personal information.
In the case of VNDIRECT, the attack not only caused damage to customers but also seriously affected the company itself, causing many customers to choose to switch to other securities companies. Hackers noticed this and targeted Vietnamese financial companies with the goal of seizing resources and demanding ransom. Therefore, financial companies, including banks, need to strengthen data security to deal with attacks, especially in the context of technology development and artificial intelligence making it easier to find security holes.
3. Learn from experience and improve
In case an investor suffers losses in securities assets, who will be responsible? According to experts, the responsibility lies with the securities company, but determining the legal basis for claiming compensation is a challenge. However, investors should not keep too much money in their securities accounts and should only transfer money from the bank to the securities account when necessary to make transactions, in order to increase financial security.
Another issue raised is the lack of clear distinction between corporate accounts and investors’ personal accounts. According to regulations, investors need to deposit money into a bank account designated by the securities company, which is reserved for securities trading. This lack of distinction can lead to capital management risks.
To reduce losses for investors due to the hacking incident of the securities company, Hanoi Stock Exchange (HNX) and Ho Chi Minh City Stock Exchange (HOSE) have temporarily disconnected transactions with VNDIRECT from March 25, 2024 until the incident is completely resolved. Other securities companies continue to connect and trade normally. The restoration of connection will be based on the recovery report from VNDIRECT.
Finally, learning from each incident is extremely important to improve the system’s prevention and response capabilities in the future. VNDirect and other securities companies need to continue to invest heavily in security technology, staff training, and develop detailed incident response plans, so that when an incident occurs.
Source: Onstocks
