What is the industry’s Achilles’ heel in this era of digital transformation?

How will information security maintain a safe and secure network for users in the era of digital transformation – an era where data leaks are rampant like today?

Đảm bảo an toàn thông tin trong thời kỳ chuyển đổi số

Mr. Truong Duc Luong (in blue shirt) – Chairman of the Board of Directors of Vietnam Cybersecurity Joint Stock Company (VSEC)

 

After you purchased a plane ticket, a succession of messages appeared offering to sell you a taxi service. You’ve just moved into a brand new place, and now the phone calls are asking whether you need the services of an interior decorator. That’s when you find out that your privacy has been breached and your data has been sold.

Is there a way to ensure that our data remains secure? To close any security “holes” in the data system and safeguard your privacy, information security is essential.

Given the widespread adoption of cloud-based data storage that has accompanied the current wave of “Digital Transformation,” organizations of all sizes, from multinational corporations to SMEs and startups, now rely on information security as a foundational tool for protecting themselves from four major security threats.

Mr. Truong Duc Luong, Co-Founder and Chairman of Vietnam Cybersecurity Joint Stock Company (VSEC), the first provider of Information Security management services in Vietnam to obtain the international CREST certification for both Security Assessment Services (Pentest) and Security Operations Monitoring Center (SOC) services, had an open conversation with Mr. Ta Ngoc Hieu, Head of Engineering Tyme – one of the fastest growing Digital Banking development groups in the world, during the Webinar “Achilles’ heel in the digital transformation era.”

At the webinar, experts will discuss the potential and problems facing the Information Security business in Vietnam, as well as how it protects consumers’ data.

 

Where in Vietnam might you find “Information Security”?

The aftermath of the COVID-19 epidemic has resulted in a surge in digital transformation across industries, from the largest to the smallest.

Ensuring information security in the digital transformation period

In Vietnam, not all industries prioritize protecting sensitive data.

Although the necessity for information security is universal, its application varies by sector. The process of digital transformation will reveal how information security objectives vary across different industries, such as:

  • The security of banking institutions and online marketplaces will be of paramount importance. Due to the significant value of data on “online shopping behavior,” commerce platforms and digital banks must take extra precautions to protect this information from hackers.
  • Cost is a key factor in determining the priority of information security within the State sector. If state-owned businesses don’t have a sufficient budget for information security, their degree of security will lag behind that of the two sectors we just discussed.
  • Last but not least, the areas of EdTech (Education Technology) and Health care are the least concerned about data protection. Although companies recognize the importance of information security, little attention has been paid to allocating funds to the area.

 

How to establish “trust” in a business relationship including Information Security?

  • From the perspective of customers using Information Security

When a business chooses to outsource its security services to a separate company, that business must trust that company with all of its sensitive information. When privacy is at stake, how can you tell who to put your faith in? In highly specialized fields (such as banking and finance), third-party collaboration necessitates that the corporation itself have a department specializing in information security.

Mr. Luong at VSEC, speaking from the standpoint of the supplier, warned that the supplier organization may be exploited against the client. That’s why it’s crucial to forewarn visitors and deal with them as soon as possible through preventative measures.

Mr. Luong suggested information security utilize “Zero Trust” to stop hackers from infiltrating the system. Tech giants like Amazon and Microsoft are often credited with popularizing this word, which has become the industry standard in cybersecurity. To implement Zero Trust, all users, both inside and outside the network, will need to be authenticated and authorized before being given or maintaining access to sensitive information. While the concept of information security services may seem “far away” to some, Mr. Luong noted that the growing trend of outsourcing security services is the best option for organizations right now.

Before embarking with a partner to build an information security system, enterprises must have a plan to equip the infrastructure beforehand. You can’t convert numbers without a plan. For example, a telemedicine company must develop technology to support telemedicine first, and then think about outsourcing security services to protect that system.

 

What should Vietnam do when entering the Cybersecurity race?

  • Vietnam’s prospects and difficulties 

Knowing the merits and pitfalls of Vietnam’s entry into the Information Security race is essential before making investments in cybersecurity tailored to the country’s current infrastructure.

Đảm bảo an toàn thông tin trong thời kỳ chuyển đổi số - vsec

Human resource issues persist as Vietnam’s primary hurdle in the information security sector.

Vietnam has the potential to “charge head first” into the digital age thanks to its prodigious capacity for learning and adapting to new technologies. Statistics suggest that firms around the world are short a combined total of nearly 4 million information security engineers, making employment prospects in the information security field plentiful. While Information Security has great potential, it is hindered by the fact that the business is still in its infancy and so few engineers have completed official training in this field. There is a dearth of highly specialized human resources, which means that most information security engineers of today must still rely on self-teaching from a wide variety of international sources. Data protection is an endeavor that calls for dedication over time and is simple to abandon in the midst. 

An analogy between Information Security engineers and computer programmers can help paint a clearer picture. Unlike software developers, Information Security engineers have to wait at least two years before seeing the fruits of their labor on the App Store. As a whole, the shortage of workers on hand remains Vietnam’s greatest information security concern. How can we deal with this lack of personnel?

1/ Automation: Robots and machines should replace some human labor. Mr. Hieu and Mr. Luong have each invested in an automation platform that will allow machines to perform 60% of the manual labor currently performed by humans. 

2/ Selection of personnel: Information security engineers command a hefty salary due to a severe shortage in the field. Put in your standard 5 days a week, 8 hours a day shift. The remaining time will be subject to external monitoring.  

3/ Combination of In-house and Outsource: Even the largest banks in Vietnam adopt a hybrid approach, relying on both in-house and external resources to provide the highest levels of data protection.