How much should VN customers spend on information security solutions?

Ensuring information security is increasingly important as more online transactions are made. However, the budgets for information security allocated by financial institutions remain modest.


Inappropriate investments

Eighty percent of finance institutions spent less than $100,000, or VND2.3 billion, on information security works in 2018.

The figure was released in the report on the level of interest and security status in the finance – banking sector from VNCERT and IDG after surveying 30 commercial banks and 16 finance – insurance service providers.

Seventy percent of institutions reserved 5-15 percent of their annual IT budgets for information security. However, 30 percent of credit institutions reserved less than 10 percent of budgets.

“The figures of less than 10 percent are clearly too low,” commented Can Van Luc, a finance expert.

Nguyen Dinh Thang, chair of LienViet Post Bank, also commented that less than 10 percent is too low. As for the bank, the figure is 15-16 percent.
“The figure would increase in the future. When the number of online users booms, the investment cost for the system will have to be higher,” he said.
Thang went on to say that ‘security’ and ‘safety’ here not only means preventing intrusion from outside into the internal system, but also means ensuring the smooth operation of the entire system.

“The most important basis of the IT system is safety,” he commented.

To digitize, banks must be safe

Nguyen Trong Duong, deputy director of the Information Security Agency said at the 2019 Retail Banking Forum that the insecurity holes are increasing, at a rate of about 300 percent a year, in the context of strong digitalization.

Recent years witnessed a series of intentional sophisticated large-scale attacks on financial institutions and banks.

British Wonga had 270,000 customer accounts exposed. Tesco Bank’s £2.5 million from 9,000 customers was stolen via a security flaw from the system and debit card. Meanwhile, a Bangladeshi bank lost 81 million dollars because of the SWIFT payment network flaw.

In Vietnam, commercial banks have also been warned that they could be the regular targets of cybercrimes. There was an attack on the SWIFT money transfer network where cybercrimes tried to transfer $1.13 million. It was discovered and prevented.

In addition to acknowledging attacks on Vietnamese financial institutions and banks, experts also warned of the increase in phishing cases.

According to Thang, the risks come from two sides – the systems of banks or fintechs which have flaws, and from users. Systematic problems must be settled by the application of reasonable information security strategies. Banks now need to improve their data systems in accordance with the new safety standards of Basel II.
Nguồn: Vietnamnet