The severity of ransomware attacks on Vietnamese businesses in a short period of time is assessed by experts as "very large", not only in terms of scale but also in terms of the impact on operations, business and reputation of the unit. The attacks have disrupted business operations, while causing serious damage to data, users, as well as reducing the trust of customers and partners.

Shortcomings of Vietnamese businesses in incident handling

Speaking with Thanh Nien , Mr. Nguyen Le Thanh - Chief Technology Officer (CTO) of VNG said that while participating in supporting a number of units affected by ransomware, he realized that there were still problems in the way Vietnamese businesses handled incidents when facing cyber attacks.

"First is the lack of preparedness and slow response," said Mr. Nguyen Le Thanh. Currently, many Vietnamese businesses do not have a clear incident response plan, or do not prepare scenarios for the worst-case scenario, so when an incident occurs, they often react slowly, increasing recovery time and the extent of damage.

The second problem is the lack of experience in handling incidents early. According to VNG's leadership, large, complex incidents require people with a lot of experience in both security and the ability to grasp and understand information about the system, software structure and business operations of the enterprise. "Therefore, even with support from security companies and outside cybersecurity experts, the enterprise still takes a long time to restore the system because it does not have enough experience in coordinating the recovery process on a large scale," Mr. Thanh explained.

The next obstacle is the lack of comprehensive information about the system. When the security team does not have full information or comprehensive understanding of the system as well as the IT architecture (including software, connections), it will be difficult to determine the source and scope of the incident and delay in restoring each part of the service.

Another weakness is that there is still fragmented and inconsistent communication between leadership teams, IT personnel, incident response teams, and stakeholders, contributing to chaos and slowing down the resolution process.

Need to focus on corporate security program

Cybersecurity experts all agree that no business is immune to attack, no matter how rich or small, so they should not think "it's not my turn". In fact, "tech giants" such as Google, Microsoft... have all been victims of hackers. Hackers can lie dormant in a business's IT system without being detected before launching an attack.

Mr. Tran Minh Quang - Director of the Center for Analysis and Sharing of Cyber ​​Security Risks - Viettel Cyber ​​Security Company emphasized that every enterprise should build a cyber security program, especially a program to warn about information security risks occurring in the environment in which the enterprise is operating.

"For example, businesses need to understand the tricks and attack techniques... often used by ransomware groups in Vietnam, thereby updating those identifying signs and putting those details into their monitoring system to be able to detect similar attacks if they occur," advised the leader of Viettel Cyber ​​Security Company.

Sharing the same view, Mr. Nguyen Le Thanh said: "Enterprises need to focus on building strategies and investing in improving incident prevention capacity. More importantly, the capacity to recover and maintain business continuity when incidents occur." These measures require investment in both finance and resources, but are necessary to ensure safety and continuity for business operations in the digital age, where cyber security threats are increasingly complex and unpredictable.