Ministry asks securities companies to strengthen safety of information systems

April 15 is the deadline for domestic securities enterprises to adopt suitable measures to fix vulnerabilities in their information systems, including online stock trading functions.


The serious incident of cyberattack against VNDIRECT on March 24 led to disruptions in transactions of many securities investors. Therefore, the Authority of Information Security (under the Ministry of Information and Communications – MoIC) has just sent a formal dispatch requesting all domestic securities companies check their information systems for possible vulnerabilities.

The Information Security Authority commented that similar incidents recently have severely harmed securities enterprises, causing unwanted concerns among users and affecting their trust in the safety of Vietnamese stock exchanges as well as the financial market in general.

Hence, these businesses are asked to review and evaluate the safety level of their own information systems so that appropriate measures can be timely adopted step by step to fix any vulnerabilities, particularly in the functions of client account management for online stock transactions.

The ultimate goal is to ensure that 100 percent of currently operating information systems have their safety level approved no later than this September after necessary safety solutions have been carried out.

In addition, it is essential to effectively and continuously implement the 4-level model in information safety maintenance, with special improvements to professional information protection and monitoring as well as constant connections to the National Cyber Security Center (NCSC) under MoIC.

Simultaneously, securities companies should regularly backup their critical data and system in order to promptly restore them in case of cyberattacks.

Activities to respond to information safety incidents, together with potential threat hunting, should be done frequently so that signals of system intrusion can be detected timely. Any systems having serious security vulnerabilities should be urgently fixed and checked for the possibility of previous attacks.

Finally, the Authority of Information Security asks that securities companies regularly update information security patches under its warnings and notices from relevant agencies.

Other news