This directive, issued on 11/9, follows reports of potential data breaches at the National Credit Information Center (CIC). The State Bank addressed the directive to credit institutions, payment intermediaries, credit information service providers, the Deposit Insurance of Vietnam (DIV), the Vietnam National Payment Corporation (NAPAS), and the CIC.
The State Bank acknowledged receiving warnings from authorities and reports from members of the Banking Sector Information Technology Security Incident Response Network regarding increased targeted attacks by cybercriminals exploiting vulnerabilities in applications and IT infrastructure.
Consequently, the Director of the Information Technology Department (State Bank) urged these entities to enhance their information system security and data protection.
Bank and business leaders were reminded of their responsibility for cybersecurity and their legal accountability to the Governor of the State Bank in case of security breaches, data leaks, or compromise of state secrets.
Organizations are required to promptly and thoroughly address existing system vulnerabilities. They are also instructed to upgrade or replace systems running outdated operating systems and applications no longer supported by vendors.
The State Bank also directed banks and payment intermediaries to promptly update security patches for all devices, especially servers, applications, network devices, and cybersecurity systems. Servers should keep ports open only for essential services.
Furthermore, the Director of the Information Technology Department highlighted additional tasks to reinforce system security and data protection: managing system access rights for personnel, implementing multi-factor authentication for accessing servers, applications, and critical network devices, preventing data loss, and encrypting stored non-public information and data.
Organizations must assess the security of services provided by third parties to prevent hackers from exploiting vulnerabilities in those third parties' systems (supply chain attacks).
Additionally, financial institutions are required to regularly monitor system threats, stay updated on current and emerging threats to proactively respond to cyberattacks, and have response plans and scenarios in place. Critical data and applications must be backed up as per State Bank regulations to ensure recovery when necessary.
On the evening of 11/9, the Vietnam National Computer Emergency Response Team (VNCERT), under the Ministry of Public Security's Department of Cybersecurity and High-Tech Crime Prevention, confirmed receiving a report of a "cybersecurity incident and signs of personal data infringement" at the CIC on 10/9.
VNCERT is collaborating with cybersecurity service providers, the CIC, and relevant State Bank units to investigate the incident, implement technical responses, and gather data and evidence.
"Initial findings indicate signs of cybercriminal activity aimed at stealing personal data. The extent of the unauthorized data acquisition is still being assessed," the announcement stated.
Several organizations in Vietnam have recently been targeted by cyberattacks. Last year, VnDirect, PVOIL, and VNPost suffered ransomware attacks, impacting their operations.
The CIC, under the State Bank of Vietnam, performs functions related to currency and banking. It is primarily known for supporting credit institutions in their business activities and assisting borrowers in accessing credit.
Quynh Trang