Urgent need for cybersecurity solutions.

A sharp increase in both number and size.

According to the 2024 Cybersecurity Summary Report recently published by the National Cybersecurity Association, the state of information security in Vietnam, both for businesses and individual users, is at a critical level.

Accordingly, cyberattacks are not only increasing in number but also becoming more complex and sophisticated in their methods, resulting in a surge in the number of victims compared to previous years.

Specifically, in 2024, a survey of 4,935 organizations in Vietnam revealed that nearly 50% had experienced at least one cyberattack, and 6.77% were frequent victims of cybercrime. The total number of cyberattacks that year was estimated at over 659,000, with over 74,000 cyberattack alerts targeting critical units alone, including 83 targeted Advanced Persistent Threat (APT) attacks.

Not only have cyberattacks increased in number, but their scale has also expanded, with many incidents being extremely serious. For example, VNDirect Securities Company was attacked at the end of March 2024, paralyzing its information system for more than a week.

For example, in early April 2024, the information technology system of the Vietnam Oil Corporation (PVOIL) was attacked, causing disruptions to the company's digital platform operations and making it impossible to issue electronic invoices for sales...

According to the National Cybersecurity Association, Advanced Persistent Threat (APT) attacks are a preferred method for hackers targeting domestic agencies and businesses, accounting for over 26% of cyberattacks. There are four common types of vulnerabilities exploited by hackers in targeted attacks: vulnerabilities in existing software; vulnerabilities in management, configuration, and permission processes; vulnerabilities in insecure supply chains; and human error within the system.

Besides the risk of information and data theft, organizations and businesses also face the threat of ransomware attacks. According to the report, up to 14.59% of organizations and businesses reported being attacked by ransomware in the past year. This is an alarming rate because this type of attack is very dangerous and highly destructive. Once data is encrypted, there is no way to decrypt it, disrupting the operations of organizations and businesses, and severely impacting their reputation and finances.

According to the National Cybersecurity Association's forecast, in the upcoming year 2025, Vietnamese organizations and businesses will continue to face significant cybersecurity challenges, especially with many important political , economic, and diplomatic events expected to take place during the year.

There will be many cyberattacks with espionage and sabotage elements, employing increasingly sophisticated and diverse cyberattack techniques, and using "cyber weapons" equipped with artificial intelligence (AI) technology to enhance their ability to detect and exploit vulnerabilities.

The main forms of attack remain targeted APT attacks, spyware, and ransomware. Industrial control systems, autonomous vehicles, and drones will be new targets for hackers.

Raising awareness and investing in cybersecurity.

Speaking about the increasing number of organizations and businesses becoming preferred targets for hackers, Vu Ngoc Son, Technical Director of the National Cyber ​​Security Technology Joint Stock Company (NCS), said that the current trend of cyberattacks is creating an urgent need to raise awareness and invest in advanced cybersecurity solutions.

It is essential to strengthen close cooperation between the Government , businesses, and the technology community, quickly finalize the legal framework, and share information in a timely manner. These are decisive factors in protecting national cyberspace and creating a solid foundation for development in the digital age.

According to Mr. Vu Ngoc Son, one of the biggest weaknesses in cybersecurity for domestic organizations and businesses is the severe shortage of human resources in this field. Notably, according to a survey by the National Cybersecurity Association, more than 20.06% of organizations reported that they currently do not have dedicated cybersecurity personnel, and 35.56% of agencies and businesses can only assign no more than 5 people in charge, a number that is very small compared to the actual requirements.

The shortage of specialized cybersecurity personnel stems from both subjective and objective factors. Currently, cybersecurity training institutions in Vietnam are not supplying enough personnel to meet market demand. The quality of graduates is uneven, with many lacking practical experience, making it difficult for them to operate critical systems. Many organizations, especially small and medium-sized enterprises (SMEs), have not properly assessed the importance of cybersecurity, leading to underestimation of investment in specialized personnel.

To address the shortage of personnel, agencies and businesses should consider outsourcing professional cybersecurity monitoring and operation services to share resources. In addition, Vietnam needs to quickly develop standardized certifications and formal evaluation systems for cybersecurity personnel. These standards will help standardize and promote professionalism in the cybersecurity industry, motivating personnel to continuously improve their skills and capabilities.

"User data security is also a major issue for many organizations and businesses, as data leaks are very common. Although there is Decree 13/2023/ND-CP on personal data protection and the upcoming Law on Personal Data Protection, the implementation of these regulations remains problematic in many agencies and businesses. Currently, more than 40% of organizations and businesses do not have dedicated staff or only assign personnel to handle this crucial area as a secondary responsibility," emphasized cybersecurity expert Vu Ngoc Son.