In his recent visit to Vietnam to attend the launch of the “One month campaign commemorating World IP Day” by the Ministry of Science and Technology and supported by the partners of the Vietnam Government Inter-Ministerial IPR Protection Task Forces (Programme 168), Mr Roland Chan, BSA|The Software Alliance’s Senior Director of Compliance Program in the Asia Pacific region, talked to the Vietnam Business Forum about the growing threat of cybercrime, which is fast becoming a critical issue and concern amongst governments and businesses globally. Nam Pham reports.
From your extensive experience working with global organisations, how do you rate the risks that Vietnam is facing from cybercrimes?
Today, cybercrime knows no geographical boundaries, and it is a serious problem that must be addressed. The internet is everywhere. We only have to look at the various e-government and digital economy initiatives to realize that there is also a lot of critical information that, despite being stored internally, is possibly accessible through the internet. This ranges from classified government data to invaluable trade secrets of the private sector. And because of all of this, I don’t have to tell you that where there is sugar, there are ants. There are people with criminal intent, who want to steal money, who want to steal secrets, who want to hurt the economy and hurt the government.
Moreover, the creation of the Internet has allowed criminals to look at new ways to cheat and steal. That’s the challenge we face today. Where a lot of criminals see cybercrime as the perfect way to commit a crime and get away unscathed.
I learnt that IDC and BSA just released a review called Risky Business: Malware Threats From Unlicensed Software. Could you please share some valuable findings?
In this recent study conducted by IDC, results showed that there is a strong positive correlation between unlicensed software and malware encounters – the higher the unlicensed software rate in a country, the more malware generally encountered on PCs in that country, and vice versa. In statistical terms, the correlation between unlicensed software and malware is even higher than the correlation between smoking and lung cancer, and higher than the correlation between education and income. For Vietnam, this is a sign that warrants serious attention.
Malware is also dangerous and costly. Organisations experience malware incidents once every 3 minutes Malware problems associated with unlicensed software cost organizations nearly US$500 billion in 2014.
What are the reasons for those serious concerns?
For years, many in the world have gotten by with the use of unlicensed software and weak software asset management practices. Part of the reason for this has been a mind-set amongst business leaders who place priority on short term profitability over long term sustainability.
The time for change has come. In time, enterprises that do not will fail. A bank that cannot protect money will not survive. An e-commerce company that cannot protect data will not be trusted. It’s simply no longer sustainable to hold onto the belief that unlicensed software is good enough to keep an organization operational. Too much is at stake.
As I mentioned earlier, the employment of unlicensed software places organizations, both domestic and foreign, at risk of a cybersecurity attack. These illegal software programmes simply do not have the necessary safeguards in place when compared to licensed software, which would normally benefit from regular updates to counter any security loopholes that may exist. The cybersecurity threat may include malware intrusions, some of which may result in further security loopholes that allow hackers to enter a network. Studies have shown that enterprises using illegal software will have a 73 percent higher risk of losing important data, and a higher risk of virus infection.
Vietnam has recently become the main target of a series of large-scale cyber spying activities. Speaking for a global organization, can you share some insight about how to deal with this situation?
Last year, an IDC Survey found that the chief reason computer users around the world cite for not using unlicensed software is avoiding security threats from malware. Among the risks associated with unlicensed software, 64 percent of users globally cited unauthorized access by hackers as a top concern and 59 percent cited loss of data. Yet a striking 81 percent of the software installed on personal computers in Vietnam in 2013 was not properly licensed. This may be part of the reason why many Vietnamese websites were subject to serious attack last year.
In my viewpoint, given the clear link between cybersecurity threats and unlicensed software, one of the simplest ways for enterprises and governments to better safeguard their assets is to ensure that the software they are running is genuine and fully licensed. Ensuring the software installed on IT systems is licensed and comes from a legitimate source is a good first line of defense.
To get the most out of software, it has to be managed well, just as any other valuable company asset. Poor software management robs companies of the full productivity and efficiency value of software, and therefore increases risk. Effective software management combines the needs of an organization’s IT assets with the needs of the company and of the individual. Without a good software asset management practice, the sad reality is that when it comes to cybercrime, we simply cannot protect what we don’t know. When an organization has a clear understanding of their software estate, the more prepared they are to build a resilient, adaptive IT infrastructure that can respond to these threats.
Vietnam has been one of the greatest beneficiaries of software, and a beacon to the world on what an economy can achieve through technology. It is time for Vietnamese businesses to pay for what they use, and manage what they have. If not only for the benefit of increased productivity and security levels in its competition in a global economy, but for the sense of fair play in the country’s quest to maintain its lead in economic success.
- According to the Kaspersky Security Bulletin 2014, Vietnam was ranked as the number six country in the world based on number of users attacked by malware. In terms of security risks, Vietnam ranked in the fourth place globally with nearly half of users at risk of malware infection while using the Internet. The country was at the top position with about 70 percent of computer users susceptible to malware and malicious software via USB and memory cards.
- According to Colonel Nguyen Van Thinh, deputy head of the Department of Cyber Security under the Ministry of Public Security, the ministry had detected various malwares penetrating computer systems of various governmental and ministerial agencies. The ministry had also discovered that foreign hackers were launching large-scale spying campaigns to attach malware, with nearly 100 different samples, into email systems of the Party, and the government's offices.
- In 2014 alone, the ministry had discovered that nearly 6,000 Vietnamese online news pages and online news portals were attacked, losing administrative rights and its contents were amended. Out of them, 246 pages were of government's agencies, ending with the domain name gov.vn.
- Typically, 745 websites in Vietnam were attacked in 1 week from late August to early September 2014. Another attack on a series of large websites by hackers in 5 days from October 13-18, 2014 recently caused enterprises using VCCorp’s data centre losses of billions of Vietnam Dong.
Vietnamese
