Why do companies ignore security issues?

On September 8, the state of cybersecurity in Vietnam’s digital transformation was discussed at a high-level roundtable of information technology and information security executives organized by the Department of Information Security – Ministry of Information and Communications, Viettel Cyber.Security and IEC.

According to Information Security Director Nguyen Tah Phuc, the average Vietnamese spends around 7 hours a day online. This duration increases, which means that the risk of network data security increases. Global statistics show that 900 cyber attacks take place every second and 40 security vulnerabilities are discovered every day while 5 new malicious codes are born. In addition, the trend of moving data and applications to cloud platforms creates new threats to network security and security.

“As all human activities are shifted to the network environment, a major challenge arises for those responsible for information security. A serious cyber security incident can bring down the program. The process of digital transformation of industry, space and economy,” he said.

However, CIOs have found that most organizations and enterprises have not fully implemented information security assurance plans to mitigate risk, presenting a significant challenge to the transition process.

In such a case, Fr. Robert Trong Tran, technology risk and cybersecurity expert at EY Vietnam, said there are many reasons why companies are “neglecting” cybersecurity, including popular ones. The department and other departments of enterprises, as well as financial support, time and psychological problems arising from neglecting the issue of enterprise security.

“CISOs say they are struggling with increasingly complex regulations, business unit relationships and lack of information security budgets,” he said.

A 2021 Global EY study found that 57 percent of CISOs have a “very close” relationship with finance, which influences the decision to approve cybersecurity spending. 74% of them said that the relationship between them and the marketing team in the company is average, even saying that they don’t trust each other psychologically. Only 9 percent of executives believe their cybersecurity measures will protect them from major cyberattacks.

At the time of the outbreak, 81 percent of business leaders said they needed to circumvent cybersecurity controls despite the increasing trend of attacks. Also, many companies are still thinking about software development. “They don’t take the time to learn about security because this topic doesn’t directly contribute to developing new features and bringing products to market,” estimates the head of EY Vietnam.

According to him, this mindset is slowly becoming the face of the tech industry. “In fields like design or manufacturing, engineers have to meet basic security requirements, and most software development engineers lack the necessary security knowledge,” he said. Robert.

In order for the digital transformation process to continue safely, IT and information security leaders must organize the implementation to ensure the security of their management information systems, according to the Chief Information Security Officer. According to the Prime Minister 2019. A requirement of the guidelines is to “ensure that the share of costs for network information security products and services reaches at least 10% of the total budget for the implementation of the information technology implementation plan”.

“Organizations and businesses need to create a culture of security and privacy from the design level onwards. At the same time, security must be integrated into all business strategies and decisions, and timely risk assessments must be carried out. Automate security processes, implement a Zero Trust architecture,” said Mr. Robert Trong Tran.

Lu Kui