Urgent solution to protect network security

Increase in quantity and size

According to the 2024 Cybersecurity Summary Report recently released by the National Cybersecurity Association, the information security situation for both businesses and individual users in Vietnam is at a serious warning level.

Accordingly, cyber attacks are not only increasing in number but also becoming more complex and sophisticated in their methods, so the number of victims has skyrocketed compared to previous years.

Specifically, in 2024, through a survey of 4,935 units and organizations in Vietnam, nearly 50% of them had been attacked at least once and 6.77% were regular victims of cybercrime. The total number of cyberattacks in the year is estimated at more than 659,000 cases, with key units alone receiving more than 74,000 cyberattack warnings, including 83 APT targeted attack campaigns.

Not only have cyber attacks increased in number, they have also expanded in scale compared to before, with many incidents being extremely serious. For example, VNDirect Securities Company was attacked at the end of March 2024, causing the company's information system to be paralyzed for more than a week.

Or in early April 2024, the information technology system of Vietnam Oil Corporation (PVOIL) was attacked, causing the unit's digital platform operations to be suspended, and the issuance of electronic invoices for sales could not be carried out...

According to the National Cyber ​​Security Association, APT targeted attacks are a form favored by hackers when they intentionally target domestic agencies and enterprises, with more than 26% of cyber attacks being of this type. There are 4 types of vulnerabilities that hackers often exploit for targeted attacks, including: vulnerabilities in the software in use; vulnerabilities in the management, configuration, and authorization processes; vulnerabilities from unsafe and insecure supply chains; and vulnerabilities caused by humans in the system.

In addition to the risk of information and data theft, agencies and enterprises also face the threat of data encryption and ransom. According to the Report, up to 14.59% of agencies and enterprises said they were attacked by ransomware in the past year. This is an alarming rate because this form of attack is very dangerous and highly "lethal". Once data is encrypted, there is no way to decrypt it, the operations of the agency or enterprise are interrupted, especially reputation and finances will be seriously affected.

According to the forecast of the National Cyber ​​Security Association, in the coming year 2025, Vietnamese organizations and enterprises will continue to face major challenges in cybersecurity, especially when many important political, economic and diplomatic events are expected to take place during the year.

There will be many cyber attacks with espionage and sabotage elements, with increasingly sophisticated and diverse cyber attack techniques, and "cyber weapons" equipped with AI technology to increase the ability to detect and exploit vulnerabilities.

The main forms of attack are still APT, spyware and ransomware. Industrial control systems, autonomous vehicles and drones will be the new targets of hackers.

Raising awareness and investment in cybersecurity

Talking about the situation where organizations and enterprises are becoming increasingly popular targets for hackers, Technical Director of National Cyber ​​Security Technology Joint Stock Company (NCS) Vu Ngoc Son said that the current trend of cyber attacks is posing an urgent need to raise awareness and invest in advanced cyber security solutions.

It is essential to strengthen close cooperation between the Government, enterprises and the technology community, quickly complete the legal corridor and share information promptly. These are decisive factors to protect the national cyberspace and create a solid foundation for development in the digital age.

According to Mr. Vu Ngoc Son, one of the biggest weaknesses in cybersecurity of domestic units and enterprises is the serious shortage of human resources for this field. Notably, according to a survey by the National Cyber ​​Security Association, more than 20.06% of units said that they currently do not have specialized personnel for cybersecurity, 35.56% of agencies and enterprises can only arrange no more than 5 people in charge, this number is very small compared to current actual requirements.

The reasons for the shortage of specialized personnel come from both subjective and objective factors. Cybersecurity training schools in Vietnam currently do not provide enough quantity to meet market demand. The quality of graduates is uneven, most of them do not have practical experience, making it difficult for them to participate in operating important systems. Many organizations, especially small and medium enterprises, have not properly assessed the importance of cybersecurity, leading to undervaluation of investment in specialized personnel.

To solve the problem of human resource shortage, agencies and enterprises should consider outsourcing professional services to monitor and operate network security to share resources. In addition, Vietnam needs to quickly develop a set of standards, certifications and a formal assessment system for network security human resources. These standards will help to standardize and promote professionalism in the network security industry, motivating employees to continuously improve their qualifications and capacity.

“User data security is also a big problem for many organizations and businesses when the leakage of this information is very common. Although there is Decree 13/2023/ND-CP on personal data protection and the upcoming Law on Personal Data Protection, the implementation of these regulations is still confusing at agencies and businesses. Currently, more than 40% of units and businesses do not have specialized staff or only assign part-time positions for this particularly important area,” emphasized cybersecurity expert Vu Ngoc Son.