Thousands of vulnerabilities are of very high severity
This information was given by Dr. Nguyen Viet Phan - Deputy Director of the Center for Information Technology and Cyber Security Monitoring, Government Cipher Committee - at the Conference on connecting the Government's direction and administration information on the network environment with the electronic information portals of ministries, branches and localities in 2024 held on the morning of November 14 in Hanoi.
Dr. Nguyen Viet Phan said that they also face major challenges in information security and safety, including: Rapid growth rate of the system, inadequate investment in security systems, and lack of consistency in policies to ensure information security and safety.
These situations create many vulnerabilities for the electronic information portal systems of state agencies, causing electronic information systems to face many dangerous and sophisticated cyber security threats.
The main threats include: Malware, Distributed Denial of Service (DDoS) attacks, Phishing (a form of attack using fake emails or websites to steal user information), Social Engineering (the act of exploiting users' psychology and behavior to steal sensitive information) and Advanced Persistent Threats (APT).
In particular, according to reports from technology companies in the field of information security, since the beginning of the year, about 84 million new types of malware have been recorded, with an average of about 8 million new malware and variants appearing every month.
Security vulnerabilities in software or operating systems are one of the main targets of hackers. These vulnerabilities can exist in web applications or database management software, and if the security vulnerabilities are not patched in time, the information technology system will be easily attacked and exploited.
According to recorded data, as of October 2024, 30,420 new security vulnerabilities were recorded, including 4,056 low-level vulnerabilities, 12,592 medium-level vulnerabilities, 9,988 high-level vulnerabilities, and 3,784 very serious vulnerabilities.
Deploying information security monitoring system
Dr. Nguyen Viet Phan said that currently, the Government Cipher Committee is actively deploying an information security monitoring system and technical and professional solutions to ensure information security and safety for the Party and State's key information technology networks, ensuring confidentiality and protecting state secrets according to the Law on Protection of State Secrets.
Solutions are implemented at different layers. For the user layer: Deploy specialized multi-interface computers of the Cryptography industry combined with file security solutions, storage drive encryption, anti-malware or specialized storage devices to move data between interfaces securely.
For the application, business, and platform layers: Synchronously deploy security, authentication, and digital signature solutions of the Government Cipher Committee. In addition, it is possible to deploy toolkits and cryptographic libraries to serve the security of information systems.
For the database layer: The Government Cipher Committee has developed database security solutions, dedicated storage security for specialized database servers.
For the network and transmission layer: With the channel security system (site to site, client to site), data transmitted on dedicated data transmission networks or the Internet are protected by the security layer of the Cryptography industry.
Accordingly, it is necessary to continue to improve the policy framework and regulations on information security and safety, apply technological solutions, train and raise awareness of information security, supplement human resources on information security and strengthen cooperation with agencies and organizations.
