Vietnam Experiences Significant Drop in Cyber Attacks Amid Growing Security Awareness

In October, the Authority of Information Security under the MIC reported 204 cyber incidents impacting Vietnam’s information systems. This marks an 18.4% decrease from September and a notable 79.8% drop from the same month in 2023.

The trend has shown a consistent decline over the last three months, with incidents decreasing from 349 in August to 250 in September, before hitting 204 in October.

From January to October 2024, a total of 4,483 cyber incidents were logged in Vietnam, reflecting a significant 57.4% reduction from the 10,513 incidents noted in 2023 during the same timeframe.

Experts in cybersecurity suggest that this reduction indicates a growing awareness among organizations in Vietnam about the necessity of safeguarding their information systems.

During the recent CIO CSO Summit 2024, cybersecurity expert Trieu Thi Thu Lan from KPMG Vietnam highlighted that the rise in cyber incidents has prompted many Vietnamese firms to prioritize information security more seriously.

Despite the reduction in incidents, the complexity and intensity of cyber attacks are increasing.

This year, Vietnam has experienced several ransomware attacks targeting vital sectors like telecommunications, energy, securities, and logistics, significantly disrupting operations and inflicting economic and reputational damage on companies.

The Authority of Information Security has pointed out that this trend indicates heightened interest from international cybercriminals in Vietnamese entities.

The agency stressed the importance of remaining vigilant and enhancing cybersecurity measures to effectively tackle evolving cyber threats.

In response to these cybersecurity challenges, the Authority of Information Security proposes three essential strategies for organizations: robust response planning, sufficient investment in cybersecurity, and regular incident response drills.

Organizations are advised to develop a thorough information security strategy that encompasses monitoring, detection, protection, quick response, and recovery measures after a cyber incident.

This strategy should comply with stringent information security standards and integrate six foundational solutions recommended by the MIC.

A representative from the Authority of Information Security stressed the importance of conducting offline data backups and ensuring system recovery within 24 hours after an incident, and that systems should remain inactive until they are confirmed secure.

Moreover, cybersecurity investments should constitute 10% of the overall IT and digital transformation budget for organizations.

Regular staff training, routine cybersecurity evaluations, and real-time security exercises are also vital for detecting vulnerabilities in information systems.