The NCA today released the 2024 Vietnam Cyber Security Research and Survey Report for agencies and businesses.
In 2024, a significant increase in cyberattacks is anticipated, with estimates exceeding 659,000 incidents. Targeted attacks, espionage operations, and data encryption attacks are identified as the most prevalent forms of cyber threats.
The analysis was carried out in December 2024, utilizing data from a survey involving 4,935 units and organizations across Vietnam. The findings indicate that in 2024, both agencies and businesses in Vietnam encountered numerous significant challenges in cyberspace, particularly marked by a notable rise in the frequency of cyberattacks.
Serious incidents have been reported, affecting major enterprises and organizations, including VNDirect, PVOIL, Vietnam Post, as well as medical and educational institutions, highlighting that cybercrime can impact any sector.
In the recent survey, it was found that approximately 46.15 percent of agencies and enterprises experienced at least one cyberattack, with 6.77 percent facing attacks on a regular basis. The estimated total number of cyberattacks for the year exceeds 659,000.
The Ministry of Public Security's Department of Cyber Security and High-Tech Crime Prevention and Control (A05) reported over 74,000 warnings regarding cyberattacks aimed at key units, which included 83 campaigns of Advanced Persistent Threat (APT) attacks.
The NCA report indicates that APT targeted attacks are the predominant type of cyberattack in 2024.
In the year, APT attacks utilizing spyware accounted for as much as 26.14 percent of all attacks. Hackers frequently exploit four primary types of vulnerabilities for targeted assaults including weaknesses in the software being utilized; flaws in management, configuration, and authorization procedures; vulnerabilities arising from insecure supply chains; and human-related vulnerabilities within the system.
Beyond the risk of information and data theft, organizations also contend with the dangers of data encryption and ransom demands.
The survey indicates that approximately 14.59 percent of agencies and businesses reported experiencing ransomware attacks in the previous year. This statistic is concerning, as ransomware poses significant risks and can be extremely damaging. Once data is encrypted, it becomes irretrievable, leading to disruptions in operations and negatively impacting the reputation of the affected organizations.
Cyber attacks pose a significant threat, yet Vietnam faces a critical shortage of human resources in the field of cyber security.
A survey conducted by NCA revealed that over 20.06 percent of organizations reported a lack of specialized personnel for cyber security, while 35.56 percent of agencies and businesses have managed to assign no more than five individuals to this crucial role.
To effectively safeguard against cyber threats, the report suggests that organizations should adopt a 24/7 Security Operations Center (SOC) monitoring model, which operates in three shifts with four teams. It recommends that each organization should have a minimum of 8 to 10 dedicated positions for cyber security.
A shortage of personnel will result in an overburdened risk management team, diminishing the efficiency and timeliness of responses to incidents. This vulnerability exposes organizations to cyber attacks, potentially causing significant financial losses and damage to their reputation.
Cybersecurity Forecast 2025
In 2025, Vietnam is anticipated to encounter significant cybersecurity challenges, as highlighted by the NCA, particularly with numerous critical economic, political, and diplomatic events scheduled throughout the year. The country is likely to experience a rise in cyberattacks characterized by espionage and sabotage.
The techniques employed in cyberattacks are becoming more advanced and varied, with cyber weapons increasingly utilizing AI technology to enhance their capability to identify and exploit vulnerabilities. The predominant attack methods will continue to include APT targeted attacks, spyware, and ransomware.
Additionally, industrial control systems, autonomous vehicles, and drones are expected to emerge as new targets for cybercriminals.
The advent of supercomputers and quantum chips with immense computational power presents both opportunities and significant challenges for cybersecurity, particularly for encryption systems and algorithms.
Similarly, the increasing value of cryptocurrencies heightens the risk of cyberattacks, including cryptocurrency theft via e-wallets, exchanges, and ransom payments made in digital currencies.