Information security risks for SMEs in 2021
Not only facing difficulties caused by the Covid-19 pandemic, small and medium enterprises (SMEs) in Vietnam will also face many information safety and data security risks this year.
According to Kaspersky's report on the impact of Covid-19 pandemic on SMEs in 2020, the epidemic has caused heavy damage to these businesses, so their investment in IT and information security is at risk of "freezing" or being reduced in 2021. Many micro-businesses and household-based businesses have no budget to hire information security personnel. The risk of information and data insecurity will continue to be a concern of SMEs this year.
Ransomware - malicious software that infects your computer and displays messages demanding a fee to be paid in order for your system to work again - flourished in 2020. However, the level of knowledge and vigilance about this type of malware among SMEs is still very limited.
A report by Coveware shows that ransomware ‘favors’ SMEs with fewer than 100 employees when the number of attacks on this group accounted for 55%.
The vast majority of SME victims of ransomware tended to pay a ransom to get back important data. A new feature of ‘Ransomware 2.0’ is that they not only encrypt the data for ransom, but also blackmail the victim from seeing the date being published on the network.
Hackers also use mistakes of employees or even important characters in businesses to penetrate the network to steal financial information and corporate data.
Statistics from Abnormal Security show that the number of phishing emails defaming invoices and payment bills increased by 81%, causing an average loss of $81,000 per phishing attack.
It is noteworthy that phishing methods via mobile messages with links easily deceive victims to click on links on their smartphones rather than on computers, so hackers can exploit it.
Response to information security risks
"The Covid-19 epidemic has forced SMEs to apply remote working regime, and this is a great risk to corporate information security," said Ngo Tran Vu, director of NTS Security Company.
"A safe remote work plan and a response plan to information security incident scenarios are essential for SMEs," Vu said.
"In addition to solutions to protect the computer if frequently exposed on the network environment, offline and online backup on the cloud platform will help reduce the risk as with ransomware," he added.
SME leaders should have a methodical plan for information security, and review of the entire network system, database, equipment and corporate decentralization. The gaps for cybercriminals’ attack are also loopholes in commonly used software such as Microsoft Office, Adobe PDF, web browsers... that have not been patched by the publisher.
The National Cyber Security Centre (NCSC) of the Authority of Information Security has announced the 10 most outstanding cybersecurity events in 2020.
By developing Make in Vietnam cybersecurity products on the basis of open platforms, technology firms will be able to create 'digital trust' among consumers.