How critical is the procurement process in responding to information security for a corporation?

On 15th May 2019, I spoke at the "RETHINK CIO" event, organized at the Sheraton Hotel, Ho Chi Minh City.

I, John Masud Parvez, CIO / GITD of Hoan My Medical Corporation, Founder & President of Vietnam Social Health Revolution, joined the information security panel discussion at this CIO conference. On this occasion I highlighted several recent information security incidents around Asia, including in the health sector. I also described what I am learning from those incidents and suggested that others learn from them, so that Vietnamese corporations can avoid such incidents. These are the incidents I mentioned, in brief:

  • In 2018, Singtel's 10,000 access points were exposed to hackers, and users were redirected to other websites to steal their personal information. In 2018 SingHealth was hacked, exposing 1.4 M patients' information, including the Prime Minister's health record.

  • Within a few months, in the first quarter of 2019, SingHealth was hacked again and the information of 14000+ HIV patients was leaked.

  • In 2018, Toyota Motor Corporation's Thailand, Vietnam and Australia subsidiaries were hacked and lost the information of 3.1 million clients.

  • The information of 900,000 Cebuana customers was lost from its CRM.

  • In terms of financial impact, the UK's NHS had to pay a bill of 92 million British pounds to resolve and fight back against the WannaCry issue.

As I mentioned in the discussion, these examples are used for learning purposes only.

Nowadays organizations focus on one application. In most cases the Business Unit Director also focuses on that one application. But we are all living in a digital era, so that one application sits in our system infrastructure and also needs to connect with other applications.

The root cause of information security problems in Vietnamese corporations often starts with being "FOCUSED" on one application only. So the BUD and CFO often can't see the bigger picture. In this situation the voice and leadership of the CIO is crucial. But often a Vietnamese corporation has no CIO; it ends up with only an ITM or Head of IT level, keeps putting that into the corporation, and ends up not listening to their voice.

As a result, the whole application layer can end up with a large percentage of quick-win, short-term, narrowly focused and cheap applications. So what is the impact?

The impact is that the application layer becomes something like a house whose walls are made of net with big holes. Now, how is it possible to prevent mosquito bites, rather than keep donating blood to the mosquito's stomach?

At this conference, I also presented a case study of a mistake corporations often make: when it comes to procurement, major corporations often fall into a trap by prioritizing the financial aspect, even though they have a very standard procedure, and end up with the wrong solution, which exposes Vietnamese corporations to information security risk. The leadership of the CIO and the understanding of the CEO, CFO and BUD are very important in this type of situation. At the same time, having a capable CIO is certainly just as important for the organization.

To know more about me, please visit here.
