Agencies, organizations and enterprises in Vietnam have been warned that they are facing the risks of unsafe information security, caused by the security leaks from the internal staff – a danger which is even more serious than the attacks by hackers.
Lesson learned from the Wikileaks case
 |
Why could Wikileaks blockbuster explode? The experts, who attended to Security World 2011, a workshop on information security held in Hanoi several days ago, pointed out that it was because Wikileaks could obtain top secret documents provided by the staffs of the organizations themselves. Some countries have confirmed that the information of the US diplomacy, many banks and insurance companies in Switzerland were leaked from the people, who worked at the agencies and companies and had the right to access to the information.
Phuong Minh Nam, Deputy Director of the Information Technology Department under the Ministry of Public Security, cited a report by the US Secret Service as saying that among the reasons behind the information leaking, the internal risks and the cybercrime are the biggest risks. Especially, businesses have been advised to beware of the internal risks, because in many cases, it is the businesses’ staff that provided the top secret information.
Nam said that the internal risks relate to the power abuse, which should be considered as the biggest risk (48 percent), while the attacks by hackers or spyware are just considered the second risk (40 percent).
“The information is always put under the strict control. However, it is the persons who have the right to access to the information, do not keep secrecy. This has become a serious danger for “sensitive” business fields, such as finance and banking in Vietnam,” Minh said.
Vietnamese institutions making light of privacy policies
In the 2010 reports by McAfee, Kaspersky or Check Point, Vietnam once again was mentioned as a “black address” in many international lists of media agencies and securities companies.
The risk of information insecurity in Vietnam has become more serious when Vietnam has been listed among the 10 countries with the highest risks. Besides, discontent people in enterprises and organizations may sell out their enterprises and organizations, by stealing information and selling to other institutions.
What to do to settle the time bombs? Experts say that many institutions and individuals in Vietnam still do not have good perception about network security and data security.
“At most of Vietnamese institutions and enterprises, the policies and procedures on information security still have not been built or strictly followed. This is a big problem which needs urgent settlement,” said Stefan Tanase, a senior security expert from Kaspersky Lab.
Analysts have also warned that the use of social networks may relate to the information insecurity. Employees of some companies may complain on Facebook or Twitter about some projects that their companies carry out. When they mention some key words or combinations of works, these could be the “suggestions” to hackers to carry out attacks to the database of the companies.
The Vietnam Information Security Association (VNISA) has advised institutions and enterprises that they should not only equip with good servers, firewalls or encryption systems, but they also need to pay attention to the implementation of the information security procedures and the decentralization in data access.
Previous page
Back to top
