On May 21, the National Cyber Security Association (NCA) held a seminar on "The maturity level of Vietnamese enterprises and organizations in being ready to respond to incidents".
The digital transformation process is taking place strongly, along with that, the number of cyber attacks is constantly increasing in both quantity and severity. However, most Vietnamese enterprises still do not have the necessary capacity, processes or preparation to deal with cybersecurity incidents.
According to statistics from NCA, in 2024, there will be up to 659,000 different cybersecurity attacks, affecting about 46.15% of agencies and businesses.
52.89% of enterprises and organizations in Vietnam do not have adequate technological solutions to respond to cybersecurity incidents; 56.16% do not have enough specialized personnel for cybersecurity.
According to Cisco's report, only 11% of businesses and organizations are mature enough to respond to incidents.
The main reasons for Vietnam's low response capacity include: Lack of basic, synchronous cybersecurity solutions to protect the system; technology, digital transformation that is constantly updated, in which the explosion of AI makes it difficult for businesses to adapt; the strong development of professional cybercriminal groups, including cross-border groups with very high qualifications; the shortage of specialized personnel and network safety and security skills of the majority of users is still limited.
According to Mr. Vu Ngoc Son - Head of Technology Research Department, NCA: "Enterprise and organization leaders must be the first to proactively participate in solving the problem of incident response capacity. Cyber security is not a "posthumously calculatable" game, but a strategic responsibility that needs to be prepared in advance, early. Establishing technology solutions, building response processes, raising awareness, practicing and cooperating with experts should be an inevitable part of the risk management plan of every business, whether large or small".
According to NCA experts, improvement should be started right from the weakest component of each system, which is humans. Training cybersecurity awareness and skills for each individual in the organization needs to be done regularly. When the entire apparatus has enough knowledge and skills in cybersecurity, other solutions such as technology and processes can be effective.
In terms of technology, in the context of increasingly sophisticated cyber threats, businesses and organizations need to invest in solutions synchronously.
Accordingly, it is necessary to deploy centralized cybersecurity management solutions, integrating data analysis capabilities using AI and connecting with digital security intelligence sources to monitor, detect and respond early to potential risks.
In addition, it is mandatory to develop a clear incident response process, assign specific responsibilities, have available handling scenarios and support tools.
In particular, businesses need to prepare in advance for communication from authorities and associations to be able to coordinate, report and handle incidents promptly. Proactiveness and strategy are the key to minimizing damage and protecting business operations in the digital environment.
