Describing the deface attack on Vietnam Airlines as an ‘extremely serious attack’, experts have warned that more attacks, even more destructive, could be deployed in the future if organizations and businesses continue to be indifferent to information security.
Hoang Xuan Dau from the Information Technology Faculty of the Post and Telecommunications Institute of Technology pointed out that in the Vietnam Airlines’ case, the hackers could penetrate deep into the enterprise’s system, hijacking the screens which displayed information about flights and the loudspeaker system.
“Only when hackers can penetrate deep into enterprises’ local network can they do these things,” he said.
"In other cases, hackers could only steal, erase or change some information. But in Vietnam Airlines’ case, they could intervene the hardware device as well,” he said.
Also according to Dau, what happened at Noi Bai and Tan Son Nhat Airports showed that hackers must prepare for a long period for the attack.
Regarding the stolen information about Vietnam Airlines’ 410,000 loyal clients, Dau said it was a ‘big loss, tangible and intangible’.
“The airline’s clients have not made complaints about this. However, in other countries, airlines will have to compensate for this,” he said.
Other security experts agree that the attack to Vietnam Airlines was ‘extremely serious’, saying that this must be seen as a big lesson for Vietnamese organizations and businesses which do not pay appropriate attention to information security works.
If they do not apply necessary measures to ensure better security for the information systems, they will bear more destructive attacks in the future as hackers are getting more and more sophisticated.
They recalled the thousands of attacks on websites in Vietnam since 2014, mostly to websites run by state agencies with the domain name of ‘.gov.vn’.
Some online newspapers have suffered attacks for many days. Vietnam is listed among the countries most visited by hackers.
The big problem for Vietnamese businesses and organizations is that it is very costly to invest in information security solutions, while the investment does not bring countable profit.
In many cases, businesses only began spending money to ‘patch’ the information systems after the systems were attacked. But later, they once again neglected the investment as they thought things gwere okay and hackers would not return.
When asked about the training of IT engineers, Dau said that Vietnamese information security staff remained ‘weak and thin’, especially at local agencies.
“The IT force in Hanoi and HCMC is good, but it is very problematic in provinces,” he said, adding that this was a real concern.