'Silent online war' – when businesses are under attack without knowing it

June 10, 2025 - 10:15
Technology engineers participate in a rehearsal about cybersecurity held in Hà Nội by the Ministry of Information and Communications and its partners. — VNA/VNS Photo Ngọc Bích

HÀ NỘI — Targeted cyber attacks have been on the rise over the past five years, according to the National Cybersecurity Association (NCA).

The Deputy Director of the National Cybersecurity Centre under the Ministry of Public Security (MPS), Major Trần Trung Hiếu, said that in recent years, targeted cyber attacks had increased in number, sophistication and complexity.

“Behind the targeted cyber attacks are organisations with great economic potential, large numbers of workers, and well-equipped cyber weapons, not individuals as before. A series of Vietnamese business organisations have been attacked in recent times, such as the energy sector, banks, hospitals and media agencies,” said Hiếu.

Listing major cyber attacks from 2023 to the present, Hiếu noted that in 2023, a Vietnamese energy company with annual revenue of billions of dollars was attacked. All data on 1,000 servers was encrypted.

“When the incident happened, we investigated and found that the management system was lax, but the inspection results were very accurate. The hackers demanded a ransom of US$2.5 million, but the Government has no policy allowing such ransom payments. Private enterprises can pay hackers to get the decryption key, but State ones have no mechanism to pay even a dollar,” said Hiếu.

The MPS then coordinated with US law enforcement to handle the case and provide the decryption key to the energy company; otherwise, all of the data would have been lost.

If the data were lost, the energy company would have to re-sign contracts with millions of households, resulting in a loss of time and money.

At the end of 2023, a Vietnamese bank was hacked and ordered to transfer money, leading to a loss of more than VNĐ100 billion ($3.8 million).

"Research on cyber attacks showed that many hackers operate secretly within enterprises’ systems for up to nine months before attacking. Hackers understand the rules and operations of the field they are about to attack better than enterprises’ employees," said Hiếu.

As a result, ensuring network safety and security is facing a major challenge in terms of human resources.

The MPS noted that, owing to a lack of employees, although investment has been made in the network security monitoring and operation system, in reality it can only be monitored for eight hours, and at night it is difficult to supervise what hackers are doing.

The Head of the Technology Research Division under the NCA, Vũ Ngọc Sơn, said that although digital transformation was progressing rapidly, cyber attacks were constantly increasing in both quantity and severity.

However, most Vietnamese businesses still do not have the capacity, processes or necessary preparations to deal with cybersecurity incidents.

A recent Cisco report shows that only 11 per cent of businesses and organisations have reached the maturity level of being ready to respond to incidents. This year, the proportion of businesses in Việt Nam achieving cybersecurity maturity increased by five per cent.

Cisco experts said that the level of cybersecurity readiness in Việt Nam was still low, especially in the context of artificial intelligence (AI) constantly posing complex challenges for security experts.

A survey conducted by NCA at the end of last year also showed that up to 52.89 per cent of businesses and organisations in Việt Nam do not have adequate technology solutions to respond to cybersecurity incidents, while 56.16 per cent do not have enough specialised cybersecurity personnel.

Last year, up to 659,000 different cybersecurity attacks were reported, affecting about 46.15 per cent of agencies and businesses.

Cybersecurity personnel

According to NCA's assessment, the main reasons for Việt Nam's low response capacity are a lack of basic, synchronous cybersecurity solutions to protect the system.

In addition, technology and digital transformation are constantly updated, in which the AI explosion makes businesses unable to adapt.

There has been a major development of professional cybercrime groups, including cross-border groups with very high qualifications, alongside a shortage of specialised personnel and the limited cybersecurity skills of the majority of users.

Sơn recommends that business and organisation leaders be the first to proactively participate in solving the problem of incident response capacity.

From the experience of responding to a ransomware attack in mid-April this year, Đỗ Văn Thịnh, Director of the Cyber Security Monitoring Centre under CMC Cyber Security, said that the attacked system was in the operational transition phase and exposed vulnerabilities and risks.

The centre analysed the causes to review and complete the process to ensure stricter security, and at the same time added measures to protect the system's safety.

According to NCA experts, organisations and businesses need to immediately improve their incident response capabilities, starting with the weakest component of each system: human resources.

Cybersecurity awareness and skills training for each individual in the organisation needs to be done regularly.

When the entire organisation has sufficient knowledge and skills in cybersecurity, other solutions such as technology and new processes can be effective.

In terms of technology, in the context of increasingly sophisticated cyber threats, units need to invest in solutions in a synchronous manner.

One more important piece of investment is to deploy centralised cybersecurity management solutions, integrate AI data analysis capabilities and connect with cybersecurity intelligence sources to monitor, detect and respond early to potential risks.

It is also imperative to develop a clear incident response process, assign specific responsibilities, have a ready-made scenario and support tools.

“In particular, businesses need to prepare contact information of authorities and associations in advance so that they can coordinate, report and handle incidents promptly. Being proactive and strategic is the key to minimising damage and protecting business operations in the digital environment,” Sơn said. — VNS
