The State Securities Commission of Vietnam has issued a stern directive to securities firms, urging immediate action to bolster system security protocols in the wake of a cyberattack on leading brokerage firm VNDirect, which continues to grapple with the aftermath of the breach.
The commission dispatched notifications to all market members, emphasizing the critical need for a comprehensive review and reinforcement of system security measures, particularly within securities trading systems and network connections.
The directive aims to swiftly address any existing vulnerabilities and prevent potential future breaches.
"In the event of identifying indicators of security breaches, companies are instructed to take proactive measures, allocating resources efficiently to address and rectify the situation," stated the Securities Commission.
The commission underscores the urgency for companies to conduct thorough reviews, report findings, and propose remedial actions by April 1.
VNDirect, a prominent player in the Vietnamese securities market, disclosed on March 24 that its entire system fell victim to an assault orchestrated by an international entity.
The attack prompted a temporary halt to all trading activities on its platforms. As of March 26, despite concerted efforts, the company's website remains limited to displaying a notification regarding the incident, with trading functionalities still inaccessible.
In a issued on March 25, VNDirect revealed ongoing collaboration with leading domestic technology conglomerates and concerted efforts with the cyber security authorities to forestall similar incidents in the future.
The company reassured customer data integrity and asset security remain uncompromised amidst the attack, emphasizing that the disruption primarily affected trading operations.
The company reiterated its commitment to expeditiously restoring full functionality to its systems.
The Hanoi Stock Exchange and the Ho Chi Minh City Stock Exchange promptly suspended remote and online trading connections with VNDirect's platforms on March 25, pending complete resolution of the incident.
However, unaffected market members continue to conduct business as usual.
Following VNDirect's disclosure, several affiliated firms reported similar cybersecurity issues.
The Post and Telecommunications Insurance Corporation (PTI) acknowledged a breach since March 24, while the websites of the IPA Investment Corporation and IPAAM remained inaccessible.
