Identifying and Addressing Cybersecurity Vulnerabilities in Vietnam

A new Mobile Virtual Network Operator (MVNO) in Vietnam has become the fifth of its kind in the country, joining several others The  MVNO plans to optimise resources and integrate services from various partners within its ecosystem to offer convenient and effective packages to customers.

It aims to incorporate advanced technologies like Cloud computing, Chat BOT, and AI for improved service capacity, amid the growing MVNO landscape that comprises approximately 2.65 million subscribers, making up 2.1% of the total mobile telecommunications market, according to data from the Authority of Telecommunications under the Ministry of Information and Communications.

With the recent addition of a new Mobile Virtual Network Operator (MVNO) in Vietnam, reflecting the expanding mobile landscape, there’s a heightened focus on increased mobile coverage and the imperative to ensure users’ safety.

As the MVNO market grows, encompassing approximately 2.65 million subscribers and constituting 2.1% of the total mobile telecommunications market, it becomes crucial to implement robust safety measures. With a rising number of users engaging with mobile services, there is an urgent need for comprehensive strategies to safeguard users’ privacy, data, and overall digital well-being.

This underscores the importance of regulatory frameworks and proactive measures by both service providers and authorities to create a secure mobile environment for all users in Vietnam.

With security in mind, the Authority of Broadcasting and Electronic Information, operating under the Ministry of Information and Communications (MIC), collaborated with major tech platforms in 2023 to counter the dissemination of toxic information and fake news.

These platforms were required to cooperate in removing content violating Vietnamese law, implementing solutions to prevent and eliminate incorrect or toxic news, resulting in a response rate exceeding 90% for removal requests and a shortened duration of 3-24 hours for handling and blocking violations.

The integration of AI technology by major online platforms facilitated automated scanning, detection, and handling of content in accordance with MIC requests. Notably, in May 2023, the MIC, alongside five relevant ministries and sectors, conducted a comprehensive inspection of operations, leading to the identification of violations and the issuance of directives for enhanced management of cross-border service provision in the country.

Furthermore, the MIC intensified efforts to receive and verify feedback on fake news through the Vietnam Anti-Fake News Centre (VAFC). The VAFC played a crucial role in labelling fake news, disseminating correct information through mass media, and promptly identifying and preventing the spread of numerous false reports on a designated website.

Additionally, the website actively collaborated in blocking and removing more than 800 gambling links, addressing reactionary and malicious content, and publishing articles to caution against large-scale fraud and misinformation.

In the ongoing year, the Authority of Broadcasting and Electronic Information continues its collaboration with ministries, sectors, and localities, working alongside relevant entities to establish a national-scale information processing network.

The National Cyber Security Monitoring Center (NCSC) under AIS has identified five critical information security vulnerabilities in certain software products, raising concerns about potential cyber threats to information systems in Vietnam. These vulnerabilities, disclosed in a software company’s patch list, include risks such as phishing attacks, remote code execution, and exposure of sensitive information.

AIS recommends that governmental agencies, organisations, and businesses assess and update computers using the affected operating systems to the latest patches to mitigate the risk of cyberattacks. It stressed the need for prompt attention to identified vulnerabilities, as overlooking these issues poses immediate risks to the security of agencies and organisations, with historical data indicating a high number of vulnerabilities detected in previous months.

Despite warnings and recommendations, there is a tendency for institutions to neglect or insufficiently address identified flaws, underscoring the importance of proactive measures to secure information systems and prevent potential cyber threats.