Kenneth Lai, ASEAN Area Vice President of Cloudflare

Kenneth Lai, Cloudflare's ASEAN Area Vice President

HÀ NỘI — Việt Nam’s fast rise as a global technology powerhouse has been matched by a surge in cyber threats, prompting calls to fight artificial intelligence (AI)-driven crime with equally advanced AI defences.

According to the Ministry of Science and Technology, the sector expanded to nearly 74,000 businesses in 2024, employing more than 1.25 million workers and generating US$158 billion in revenue, equivalent to 15 per cent of national GDP.

With proven strengths in device and chip production and major strides in AI, Việt Nam is redefining its position in the global technology value chain. Yet this success has also made it a bigger target for cyber criminals.

A 2024 ministry report found that about 46 per cent of surveyed organisations suffered at least one cyberattack, while nearly 15 per cent were hit by ransomware. The growth of ransomware-as-a-service, available on the dark web for only a few hundred dollars, has made these crimes increasingly common.

To help organisations understand the threat landscape, Cloudflare released its latest Signals Report, which showed a sharp escalation in attacks. The company blocked more than 20.9 million distributed denial-of-service (DDoS) assaults in 2024, a 50 per cent rise on the previous year. It also reported that 28 per cent of all application traffic it observed came from bots. While some bots perform legitimate tasks such as search indexing or customer service automation, the overwhelming majority — 93 per cent — were unverified and potentially malicious.

As technology advances at breakneck speed, so do the risks. From AI-powered assaults and supply chain vulnerabilities to the looming impact of quantum computing, the threat environment in 2025 is increasingly volatile and complex. Cyber resilience is no longer the preserve of IT teams alone but a strategic necessity for company leadership across the board.

Remote work and rapid cloud adoption have widened the attack surface, giving malicious actors new opportunities. AI-driven automation now fuels everything from bot-powered credential stuffing to large-scale DDoS campaigns launched from unsecured Internet of Things devices. Cloudflare found that 94 per cent of login attempts using stolen credentials were made by bots testing thousands of passwords per second.

Generative AI has further tilted the balance by enabling criminals to fabricate identities that blend real and fake data, bypassing traditional checks. AI-generated personal information, deepfakes and automated credential stuffing make fraudulent activity increasingly difficult to detect.

Analysts warn that only AI can keep pace with AI. Organisations are being urged to embed AI-enhanced threat detection and automated defences in their security strategies. Strong credential management and AI-powered monitoring of vast datasets can help identify anomalies, disrupt hostile activity and neutralise new forms of attack in real time.

With the cyber battlefield expanding as quickly as Việt Nam’s digital economy, experts agree that the next phase of defence will require matching machine with machine.

Checking for Blind Spots: Shadow AI, Supply Chain Risks, Geopolitical Threats and Post Quantum Readiness

The threats don’t stop there. There are countless other headwinds that organisations need to navigate in today’s security landscape. For instance, employees are adopting generative AI tools faster than security teams can keep up, creating 'Shadow AI' blind spots that bypass traditional governance and compliance. Furthermore, geopolitical tensions are spilling into cyberspace, with organisations underestimating these cyber threats and assuming neutrality while state-sponsored attacks disrupt industries and expose critical supply chain vulnerabilities.

Meanwhile, the uneven adoption of post-quantum cryptography — despite a rise from 3 per cent to 38 per cent in HTTPS traffic secured with quantum-safe encryption in March 2025 compared to a year ago — reveals a troubling lag in enterprise readiness. With quantum computing poised to break traditional encryption, leaders must accelerate the adoption of post-quantum cryptography to protect long-term data and meet evolving regulatory expectations.

Supply chains remain one of the weakest links. With enterprises relying on dozens and even hundreds of third-party scripts, a single compromised vendor can be an open door for attackers. According to the World Economic Forum, 54 per cent of large companies see third-party risk management as their top cyber resilience challenge.

Amid all these emerging risks, Zero Trust is no longer optional — it is a necessity to seal these gaps.

Zero Trust is the new de facto standard

Static passwords and basic multi-factor authentication (MFA) no longer suffice in a world of session hijacking, phishing-resistant threats and MFA bypass techniques. Enterprises must evolve towards full Zero Trust architectures, including password-less authentication and continuous risk-based access controls.

The good news is that 97 per cent of organisations have already invested in or are planning to invest in Zero Trust solutions. However, only one-third have fully deployed it, highlighting a crucial execution gap. Organisations will need to develop their Zero Trust strategy from isolated controls to a single unified layer spanning the entire enterprise. The focus will shift from secure remote access management alone to unifying identity, data and traffic policies across every environment.

Thankfully, many leaders are already moving towards platforms that are resilient by design, global by default, automated in response and offering real-time visibility. That is where the real value lies — not just reducing risk but enabling agility. The organisations that succeed will be those that embed Zero Trust into their digital foundation, making it part of how they build, scale and innovate securely.

Compliance, continuity and security must be designed in from the start

Finally, compliance can no longer be reactive. Regulatory frameworks across Asia-Pacific are expanding rapidly to ensure systems are in place to prevent and manage cybersecurity threats. Việt Nam’s Digital Technology Industry Law came into effect this year and will govern investments in critical infrastructure such as data centres and 5G, taxation and financial incentives, as well as talent development. This marks a new phase for Việt Nam in cybersecurity, defined by stricter requirements, heightened scrutiny and broader accountability.

Beyond avoiding legal penalties, ensuring a robust security posture has wider implications for protecting trust, reputation and long-term resilience in an environment where the cost of inaction is rising.

In an era of AI-driven attacks, rising regulatory demands and complex digital interdependencies, cybersecurity can no longer be siloed, reactive or an afterthought.

Security cannot wait and neither can businesses; beyond reacting to threats, organisations must embed resilience into how they operate, innovate and grow.

The future will belong to enterprises that move decisively by adopting AI-enabled defences, securing their supply chains, accelerating post-quantum readiness and unifying Zero Trust frameworks across their ecosystems. Organisations must act now because in the AI age, security is not optional, it is foundational. — VNS