A recent survey focused on nearly 200 agencies, institutions, and enterprises in the southern region, revealing the growing recognition of the importance of international and Vietnamese standards in regulations. Approximately 74 percent of enterprises have adopted ISO 27000 or Vietnamese standards, marking a 30 percent rise compared to the previous survey conducted in 2023.
Moreover, there is an increased understanding among businesses and institutions regarding the significance of investing in information security. Half of the units now utilize outsourced information monitoring services to enhance cost-efficiency, a notable increase from the 20 percent recorded in 2023.
The survey also highlighted a heightened demand for training, particularly in information security awareness. This indicates that institutions and businesses have drawn valuable lessons from previous attacks, including those employing non-technical strategies and long-dormant hacking methods leading up to the final breach.
Enterprises are primarily concerned about APT attacks, financial breaches, and internal threats, emphasizing the importance of having standard procedures in place to effectively handle incidents when their information systems are compromised.
Despite the clear benefits of having a standard procedure for incident response, approximately half of the organizations surveyed are still negligent in this aspect, as noted by a VNISA officer.
The VNISA survey also noted several trends in the southern region, such as organizations conducting IT system assessments through simulated cyberattacks to identify vulnerabilities, the increasing adoption of information system classification protocols, the effectiveness of data backups in combating ransomware, and the unfamiliarity with cybersecurity insurance to mitigate attack damages.
Ngo Vi Dong, deputy chair of VNISA, highlighted a surge in ransomware attacks in the first half of 2024, resulting in system paralysis and financial losses. He also flagged a significant incident in July 2024 involving BSOD (blue screen of death), which disrupted numerous organizations due to excessive reliance on computing clouds and operating systems, serving as a wakeup call for agencies and organizations.