Security experts say that it is not necessary to invest a lot of money in a security system and network security to be safe. On the contrary, this may be the wrong direction.
Businesses spend a lot of money on security, why are they still attacked by hackers? - first
Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber Security Center, Ministry of Public Security, answers questions related to data encryption attacks (Photo: Cuong Quyet).
Last March can be said to be the peak time for hackers, when Vietnam recorded at least 3 large-scale data encryption (ransomware) attacks, with the target targeting VnDirect, PVOil and a supplier. provides telecommunications services.
It is worth mentioning that these are all large businesses, and may have invested a lot of money in security systems and internal network security. But why are they still victims of large-scale attacks?
Sharing at the seminar on the afternoon of April 5 in Hanoi, Lieutenant Colonel Le Xuan Thuy, Director of the National Cyber Security Center, Ministry of Public Security, emphasized that hacker organizations often exploit unpublished ZeroDay vulnerabilities. dad.
Because of that, although a lot of money is invested in security systems, most of them cannot be detected and prevented.
"There are many places in Vietnam, partly because of awareness, thinking that we have done things tightly, so we have a subjective and negligent mentality. This makes it easier for the system to be a victim of hackers," Mr. Le Xuan Thuy said.
Experts from the National Cyber Security Center affirmed that the best way to defend against cyber attacks is to continuously review 24/7 and optimize the system so that when hackers appear and take action. can promptly respond and prevent.
In addition, it needs to be based on three pillars, which are processes, people, and information security systems. Therefore, just investing in defense systems and information security is not enough.
"Remember that as a defender, we have to find all the vulnerabilities, and the attacker only needs to find one vulnerability," Mr. Thuy said.
