Cybersecurity is no longer a single technical issue
In 2025, the Vietnam Cyber Emergency Response Center (VNCERT) said that it had received a report on a cybersecurity incident that occurred at the National Credit Information Center (CIC). Initial verification results show signs of attacks and intrusions from cybercriminals with the aim of stealing personal data.
Immediately after receiving the information, the Department of Cyber Security and High-Tech Crime Prevention directed VNCERT to preside over and coordinate with network information security service providers including Viettel, VNPT, NCS, together with CIC and functional units of the State Bank to synchronously deploy technical and professional measures to respond, verify and ensure network security. At the same time, relevant data and evidence are also collected for handling according to the provisions of law.
This is just one of the cyberattacks on Vietnamese organizations and businesses in the past year. According to statistics from the National Cyber Security Association, in 2025, information systems in Vietnam faced about 552,000 cyberattacks, down 19.38% compared to 2024.
Mr. Vu Ngoc Son - Head of Technology Department, National Cyber Security Association - said that this development shows that the investment efforts in cybersecurity of agencies and organizations have initially been effective, making attacks no longer as easy as before.
However, the decrease in the number does not mean a decrease in the level of risk. Because hackers are shifting to a selective attack strategy, focusing on specific targets, with careful preparation and deeper exploitation capabilities, increasing the risk even though the total number of attacks decreases.
In 2025, the most impactful cases will focus on attacks that infringe on and steal data. This shift shows that hackers no longer only aim to paralyze the system to demand ransom, but are increasingly considering data as valuable assets for long-term exploitation.
Stolen data can be bought, sold, exchanged or used for various purposes in underground markets, increasing the risk of prolonged exposure for affected organizations. Even if the system is restored, the consequences of data loss of control can still continue for a long time, directly affecting the reputation, legal responsibility and trust of customers and partners.
According to Mr. Son, surface attacks like DDoS often quickly disrupt operations, attract attention and disperse resources of the network security operating team. When organizing to focus on handling incidents, deep defense layers may be neglected for a certain period of time. Taking advantage of these gaps, hackers secretly deploy targeted attack campaigns, deeply penetrate the system, install latent malware and maintain their presence for a long time without being detected.
Hackers tend to double-attack, not rush to encrypt data immediately upon intrusion but will stay in the area for a long time. The goal of stealing important data is to sell, exchange or exploit it on black markets. Only when the exploited data is no longer available can data be encrypted to extort victims" - Mr. Son said.
The expert said that cybersecurity in 2025 shows clear progress in awareness, but the level of investment in technical solutions and human resources is still not commensurate with the speed and sophistication of attacks. The continued increase in the rate of agencies and businesses being attacked is a clear warning that cybersecurity is no longer a single technical issue, but has become a management, strategy and sustainable development problem in the digital age.
The problem of 2026
The Head of Technology Department, National Cyber Security Association, said that in 2026, both the Law on Cyber Security and the Law on Protection of Personal Data will officially take effect. The new regulations help clarify the legal responsibilities of agencies and organizations in protecting systems and user data. Organizations need to know clearly what data they are collecting and storing, where, who is entitled to access and for how long. Along with that, it is necessary to build a standard process for preventing, detecting, responding and overcoming incidents, instead of just handling them when attacked.
Organizations and businesses need to train network security awareness for officials and employees, because people are the weakest link, so compliance with the law must be accompanied by improving skills and security awareness. When attacks occur, units must promptly report and coordinate with functional agencies to minimize damage and avoid legal risks" - Mr. Son gave advice.
According to cybersecurity expert Ngo Minh Hieu, Vietnamese businesses face major risks not because of lack of technology, but because of a lack of a true cybersecurity "shield". Stepping into 2026, businesses need to see cybersecurity as a strategic investment. In addition to deploying multi-layered security systems, it is necessary to regularly update and patch security vulnerabilities.
2026 will witness a clear shift in attack methods. If hackers used to mainly attack on a large scale, now attacks are increasingly specific, well-prepared and deeply exploit the most valuable assets of businesses, especially data. Hackers not only encrypt systems to extort money, but also steal information and threaten to disclose data" - Mr. Hieu said.
To create a shield to protect businesses, according to Mr. Hieu, it is necessary to back up smart data - apply the 3-2-1 rule, 3 copies, 2 different media, 1 offline copy. Periodically, it is necessary to check the ability to restore data. The most important thing is to comply with regulations and recommendations of functional agencies on network security, and report promptly when incidents occur.
