Cybersecurity Strategies for Enterprises: Insights from Recent Seminar

Experts from Viettel Cyber Security (VCS) shared crucial insights at the “Building Cybersecurity Strategies for Multi-Sector Enterprises 2024” seminar held in Hanoi and Ho Chi Minh City, attracting nearly 100 companies within the retail, e-commerce, and logistics industries. The gathering focused on identifying cybersecurity threats and effective response measures.

Nguyen Duc Tuan, Act. Director of the National Cybersecurity Monitoring Center (NCSC), emphasized that the absence of adequate cybersecurity measures leads to user hesitation towards online services, adversely affecting businesses. He argued for making cybersecurity a top priority.

VCS, a leading cybersecurity service provider in Vietnam, continually organizes seminars addressing various sectors’ cybersecurity concerns, with a spotlight on retail and e-commerce due to their extensive handling of customer information. The swift growth of online services in these fields amplifies vulnerability to cyber threats.

In his talk, Tran Minh Quang, Director of VCS’s Cybersecurity Threat Analysis Center, outlined specific threats targeting the retail, e-commerce, and logistics sectors, all of which are essential to the Vietnamese economy.

Vietnam has recently witnessed a notable rise in ransomware incidents, which involve encrypting data and demanding ransom. Quang pointed out that although 40 organizations had been “initially compromised,” or infiltrated without ransomware activation, this offered a chance for them to detect and eradicate malware preemptively.

According to a Viettel Threat Intelligence report, the retail sector faced at least eight Advanced Persistent Threat (APT) campaigns in early 2024, resulting in 24 data breaches and exposing around 4.5 million records. Additionally, retailers and e-commerce platforms are frequently targeted by phishing and DDoS attacks. In June, a substantial amount of customer information from various Vietnamese retailers, including names, passwords, and phone numbers, surfaced on the dark web.

The cybersecurity risks affect all participants in these industries, including platforms, sellers, buyers, suppliers, and logistics providers. The growing number of online users has increased the vulnerability, expanding the attack surface. More sophisticated cyberattacks are increasingly targeting user assets, exacerbated by the rise of integrated online payment systems. “The consequences extend beyond financial setbacks to potential reputational damage and legal challenges for businesses,” Quang remarked.

The seminar’s strong turnout reflects the escalating concern surrounding cybersecurity within Vietnam’s retail, e-commerce, and logistics sectors. However, experts observed varying levels of cybersecurity preparedness among participating organizations.

Quang remarked that retailers are contending not just with lone hackers, but with well-organized cybercrime organizations, which often possess greater sophistication and funding than their targets. He highlighted notorious groups like LockBit and Lazarus, which yield billions in profits annually.

The proliferation of Ransomware-as-a-Service (RaaS) has intensified these challenges. Such groups offer access to attack tools and infrastructure, sharing profits from successful exploits. In underground markets, services for ransomware and DDoS attacks can be obtained for minimal costs, contributing to the surge in incidents, particularly in emerging markets like Vietnam.

Retail and e-commerce entities, lacking dedicated cybersecurity expertise yet responsible for managing vast volumes of user transactions and data, have emerged as primary targets for cybercriminals.

Quang mentioned that the hurdles faced by Vietnamese businesses in retail, e-commerce, and logistics originate from deficiencies in people, processes, and technology. A gap in skilled cybersecurity personnel, coupled with insufficient awareness among users and delayed security updates, heightens risk exposure, making businesses susceptible to attacks without persistent monitoring and swift reactions.

VCS specialists advocate for collaboration with specialized cybersecurity companies to help organizations regain control and level the competitive field. A thorough understanding of threats can guide companies in crafting effective counter-strategies instead of investing in unsuitable solutions.

Ultimately, the seminar highlighted the necessity for proactive measures in tackling cybersecurity threats as industries rapidly evolve technologically. “With swift technological growth, it is imperative for businesses to focus on cybersecurity. Preventing exploits serves as the bedrock of secure development,” concluded Nguyen Duc Tuan.