HCM CITY — Vietnamese firms need to have greater awareness of information security and make clear plans before buying cyber security solutions, a seminar heard in HCM City on Friday.

Phạm Tuấn Anh of iDealogic, a software solutions company, said a report by IFSEC lists Việt Nam among the countries most exposed to cyber attacks in Asia.

Southeast Asian countries have the highest technology development growth rate, but their investment in cyber security is very low at only 0.06 per cent of GDP compared to 0.13 per cent globally and 0.35 per cent in the UK and Israel, he said.

Information security is becoming a hot issue around the world. In Việt Nam, the websites of many Government agencies and State-owned and private enterprises, and even the airport’s information system, were attacked recently.

Phạm Anh Vũ of Microsoft Vietnam said cyber attacks are not merely for money but also politically motivated.

Vietnamese firms, except those in the banking and financial sector, are not well prepared to combat cyber crimes, he said.

Many believe “they will never be hacked or there is nothing to be hacked,” Anh said.

Besides, many think information security is very simple and they just need to use anti-virus solutions, he said.

Many businesses buy security solutions but do not even know if they are appropriate for them or how to use them.

Paul Dols, co-founder of iDealogic, said in Việt Nam everybody buys security solutions instead of making good plans for their long-term future.

“You better look at what you have now and start planning instead of buying all kinds of solutions. You can start with buying solutions once you have an architecture in place.”

Businesses look at security as cost but should look at it as value and opportunity to do a digital transformation, he said.

Vietnamese businesses do not budget a lot of money like those in Europe or the US, but they should start planning to mitigate the high risk, delegates said.

Businesses should select consultants to help them make assessments for their internal data system, identify which part is a priority for protection, identify what data is priority for them to protect before expanding to other areas.

Lê Thanh Nguyên, director of the Saigon Hi-Tech Park Incubation Centre, said local firms, especially start-ups, should protect their information systems.

“If start-ups, in the early stage of development, do not pay attention to information security, they face a high risk of losing data.”

Firms can consult the information security standard ISO 27001 or the EU’s General Data Protection Regulation to make sure their data is protected, Anh said. — VNS