Bolstered regulations, subsidies, funding and consumer education initiatives may soon ignite a sharp boost in cyber resilience there yet …

Vietnam’s digital economy has touched US$53bn as the country pursues projects in e-government, internet of things, smart cities, financial technology, and AI.

With this unprecedented growth and demand for digital services throughout the country, the public and private sector face an increase in sophisticated cyber threats and attacks.

In the first five months of this year alone, there have been over 5,400 cyberattacks on Vietnamese systems. The country’s government has already mandated that from 2020 – 2025 the public sector must spend at least 10% of their organization’s total annual information technology expenditure on cybersecurity solutions and initiatives.

To find out more about the country’s cyber landscape, CybersecAsia.net interviewed Luu Thi Hai Chau, Chief Operations Officer, Nessar Vietnam Technologies JSC.

CybersecAsia: What key cybersecurity challenges are enterprises in Vietnam facing? 

Luu Thi Hai Chau (LTHC): We believe there are several:

    • Expanding attack surface: As a result of accelerated digital transformation (due to the pandemic), attack from within and outside the country have also been accelerated.
    • Despite the increased level of cyber threat there are too many human-operated measures to detect and respond to the threat warnings, and IT talent are frequently overloaded because there are no automated mechanisms in place to screen alert notifications and reduce manual interventions.
    • The rate of digital change in the country is faster than the rate of increase in overall corporate security postures. For instance, enterprises in the country lack sufficient skilled personnel and financial resources to implement security activities. They are also unable to hire sufficient cybersecurity talent because most IT graduates there favor non-cybersecurity areas of work.
    • The citizenry’s knowledge of cybersecurity is still limited: many employees are vulnerable to phishing and social engineering assaults. The stolen information is routinely exploited by hackers to collect more personal information and other details for use in conducting fraud, scams and attacks on various properties.
    • Meanwhile, cyber threats from around the world are leveraging AI and ML to launch thousands of strikes at once, stretching cybersecurity resources in the country beyond their limits.

CybersecAsia: What are the key industries in Vietnam that are more vulnerable to cyber threats?

LTHC: According to ourdata, most industries and personnel in Vietnam have some level of cyber risk. More than 1,000 occurrences of banking-related digital fraud were reported in the first six months of 2022, according to statistics from The National Cyber Security Monitoring Center (NCSC).

As in many countries, financial organizations and banks here are the most prominent targets for hackers. Although the industry has been regulated to increase security solutions, in the face of increasingly complex attack techniques and other factors cited above, financial institutions have been unable to cope.

As a result, the Vietnamese government has devised a policy to increase awareness and knowledge of information security at all levels of society. Furthermore, they have issued directives and are encouraging everyone to carry out operations to ensure maximum information security in a timely, regular, and ongoing way.

Currently, about 68.72 million individuals (70.3% of the total population), spend approximately seven as hours each day online. To educate them, the authorities organize seminars, events and initiatives to spread cyber awareness and upgrade the skills of IT operations staff and workers alike.

Luu Thi Hai Chau, Chief Operations Officer, Nessar Vietnam Technologies JSC.

CybersecAsia: Are there any aspects of cyber threat that are unique to Vietnam that need addressing?

LTHC: Most Vietnamese businesses lack sufficient cyber resources (both human and financial), and they may lack complete awareness of risk management and defense strategies.

Furthermore, while there are many system integrators and distributors in Vietnam, the majority of them are focused on individual security solutions and lack a comprehensive understanding of security. More native cybersecurity firms are needed that exceptional employees that deeply understand the Vietnamese way of life and can deliver entire cybersecurity and training solutions that overcome cultural and social pain points.

Also, most users in the country lack good awareness about real time cyber threats and fall prey to social engineering and phishing, state sponsored attacks, scams and fraud. On the opposite side of the coin, even as the country’s cyber awareness is increasing, hacking techniques are also becoming more sophisticated and democratized. The rapid rise in the use of mobile devices and apps is the perfect avenue through which to target the cyber-naïve population.

CybersecAsia: What advanced technologies and cybersecurity paradigms do you recommend for the country to overcome current cyber challenges?

LTHC: The proactive development of an overall information security monitoring system with multiple layers of protection can be of significant assistance to Vietnamese enterprises in monitoring and protecting IT systems.

The Open XDR Platform is a good starting point in helping organizations here to relieve some of the current pain points of boosting cybersecurity, including:

    • The use of AI for automating the handling of anomalies and improving warning accuracy
    • Enhancing intrusion detection with machine learning solutions
    • Using a next-generation intrusion detection system and advanced persistent threat (APT) Malware Sandbox to ward off APT or unknown (Zero Day) attacks
    • Advanced tools for network traffic analysis and next-generation security information and event management
    • The addition of User Behavior Analytics (UBA), Asset Analytics, Incident Management solutions and also threat intelligence services to current IT frameworks.
    • Although many enterprises and organizations have implemented a plethora of cybersecurity solutions and devices to protect the system at the perimeter, apps on users’ mobile devices have been vulnerable, so application security solutions can assist firms in improving the security of mobile apps and software development.
    • Increased use and funding of intelligent automation of testing solutions on a wide range of devices, platforms, and settings; functional testing; user experience evaluation; performance testing; zero trust policies; single sign-on protocols, security policy management; security operations center metrics and pentesting; application security, and data lifecycle management.

CybersecAsia thanks Luu Thi Hai Chau for sharing her insights on Vietnam’s unique cyber landscape.