This alert was shared by experts from EY Consulting Vietnam Limited (EY Consulting VN) and Anomali, a US-based cyber security company,in the workshop “Cyber Security and the importance of Threat Intelligence Sharing Platform” held on 7 in Hanoi and 8 August 2019 in Ho Chi Minh City.
Digital transformation process is speeding up thanks to the development of technology and demands for better experience from customers. It enables organizations to connect, manage, and synchronize data and databases, in order to optimize performance, improve overall productivity and enhance the values.
There have been more and more people, especially young population and tech-savvy generations, increasingly attached to the digital connection. Responding to this trend, organizations are embracing emerging technologies and new business models that base on digital platforms. Cybersecurity, however, has yet gained adequate awareness by many of businesses.
This has paved the way for hackers to cast hazardous consequences for both businesses and their clients. As learnt by experts, hackers are getting more sophisticated in automating the attacks. Additionally, with constrained resource of information and a shortage of skilled cyber security experts, organizations can hardly anticipate and timely counter an imminent assault.
Recognise potential threats and be ready for forthcoming cyber attacks
Experts in the workshop believe that underestimating the importance of cyber security leads to insufficient investment in human resources and technologies. According to EY 2018-2019 Global Information Security Survey (GISS), more than half (55%) of the organizations do not make the protection of the organization an integral part of their strategy and execution plans. Only 8% of organizations have information security functions that fully meet their needs. Resources are a key issue with 30% of organizations are struggling with skill shortages.
Many enterprises have had a better cyber security’s apprehension only after suffering grave losses from hackers. EY’s GISS received 76% respondents saying they upped their cyber security budgets after a serious breach. However, businesses seem reluctant sharing details of intrusive signals (IoC and IoA) for fear of reputation damage, which might pose a great threat to the firms themselves. Hackers could continue exploiting the black hole zero-day existed long ago and intruding deeper into the system before an updated version being installed.
The frequency and scale of the security breaches all around the world show that too few organizations have implemented even basic security. However, organizations are spending more on cybersecurity, devoting increasing resources to fine-tun existing defences, and working harder to embed security-by-design to optimize security and support their growth.
Which strategies for entrepreneurs?
“Cyber security has to be embedded in organisations' development strategy”, said Mr. Tran Dinh Cuong, General Director of Ersnt & Young Vietnam Limited (EY Vietnam). “It is vital to have systematic cooperation, information sharing, and technical assistance not only within an internal financial institution, but also in financial and banking sector, relating organisations, and with cyber security experts.”
Moreover, it should aim to not only protect the enterprise with good cyber security hygiene and basic lines of defence, but also to optimize the response with more advanced tools and strategies” – Mr. Cuong said.
Echoing this point, Mr. Geoff Noble, Anomali’s Senior Vice President said: “One organization’s detection can be another prevention. Therefore, the highest way is to build on trust, which can manage the trust about what you shared. You can be part of a community like EY Consulting VN to bring intelligence into the platform.”
Experts from EY Consulting VN and Anomali agreed that early detection and warnings of cyber-attacks play a major role in helping organizations effectively react to such threats before they damage the businesses and their stakeholders.
Emphasising on the critical role of the advanced notification and warnings of cyber assaults, Mr. Robert Trong Tran, Leader of Cyber Security Services at EY Consulting VN believed that the platform for malwares information sharing and cyber-attack signals analysing (IoA) among enterprises will be a requisite trend to effectively cope with intentional and complicated hacking assaults.
The annual report of European Union Agency for Cyber security (ENISA) shows that most intrusion cases had their roots from detected and recorded loopholes for at least one year before. Thus, an anonymous sharing system collaborating with Information Sharing and Analysis Center (ISAC) and Security Operations Center (SOC) will help organizations identify risks in advance and immediately react with potential threats before they can cause any detrimental impacts. More specifically, compared to obsolete approaches based on firewall system and regular filters, this system assures more cyber resilience to cyber-attacks.
Without timely defence, a cyberspace intrusion will wreak havoc and cause immense losses to a business, not to mention the potential injury of prestige and credence in future transactions, noted experts at the workshop. Organisations should be always on high alert and ready to fight with cyber security intrusions to minimise the possibly financial and reputational risks.
“Any organisation can be a potential target for hackers. We need to be on high surveillance and fully prepared for cyber threats”, concluded Robert.
Notes to Editors
EY is a global leader in assurance, tax, strategy, transactions and consulting services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation is available via ey.com/privacy. For more information about our organization, please visit ey.com.
About EY Vietnam
EY Vietnam, established in 1992 as the first 100% foreign invested accounting and advisory firm in Vietnam, is a member of EY. Since then, we have been recognized as a trusted business advisor - thanks to our people’s wealth of knowledge and understanding about Vietnam business environment, and to our distinguished credentials and experience in providing insightful advices and added values to our clients. EY Consulting Vietnam is also a member of the global EY organization.
In Vietnam, with more than 1,400 local and expatriate professionals, we are dedicated to providing the same level of professional service that our clients worldwide have come to expect. We are also united by our shared values, which inspire our people worldwide and guide them to do the right thing, and our commitment to quality, which is embedded in who we are and everything we do.
©2019. Ernst & Young Vietnam Ltd.
All rights reserved.
VN No. 16070801