Nearly half agencies, businesses targeted by cyberattacks in 2024

Society – Economy - Ngày đăng : 13:56, 24/12/2024

The total number of cyberattacks in 2024 is estimated to exceed 659,000,
Illustrative Photo. —Photo courtesy of the National Cybersecurity Association

HÀ NỘI — A report by the National Cybersecurity Association revealed that 46.15 per cent of agencies and businesses were targeted by cyberattacks at least once this year, with 6.77 per cent experiencing frequent attacks.

The total number of cyberattacks in 2024 is estimated to exceed 659,000.

The report from the Cybersecurity and High-Tech Crime Prevention Department, under the Ministry of Public Security showed that over 74,000 cyberattack alerts were issued for critical units alone, including 83 targeted Advanced Persistent Threat (APT) campaigns.

The report further reveals that APT attacks were the most prevalent form of attack in 2024.

According to the association, 26.14 per cent of attacks involved APTs using spyware malware for long-term infiltration.

Head of Technology Unit at the National Cybersecurity Association Vũ Ngọc Sơn, said the current state of cyberattacks highlighted the urgent need to raise awareness and invest in advanced cybersecurity solutions.

There must be closer collaboration between the Government, businesses and the technology community to swiftly enhance the legal framework and ensure timely information sharing.

Those were critical factors in protecting the national cyberspace and establishing a solid foundation for growth in the digital era, he said.

In addition to the risk of data theft, agencies and businesses also faced the threat of ransomware attacks that would encrypt their data.

A survey found that 14.59 per cent of organisations had been targeted by ransomware attacks in the past year.

That was a concerning statistic, as this form of attack was particularly damaging.

Once data was encrypted, there was no way to decrypt it, leading to severe operational disruptions and significant damage to an organisation’s reputation.

Therefore, the association recommended that organisations regularly conduct system vulnerability assessments, including comprehensive scans and evaluations of applications, software and network devices and implement timely security patches.

Organisations should also monitor their networks 24/7 for early detection of anomalies, establish clear incident response plans and ensure regular data backup and recovery procedures to minimise damage in the event of an incident.

Personnel shortage

Despite the growing severity of cyberattacks, Việt Nam is facing a critical shortage of cybersecurity professionals.

According to the survey, over 20.06 per cent of organisations reported that they have no dedicated cybersecurity staff, while 35.56 per cent have no more than five people in charge of cybersecurity – a number that falls far short of current needs.

To ensure cybersecurity, organisations operating on a 24/7 centralised monitoring model (SOC), with three shifts per day, require at least eight to ten dedicated staff.

A lack of personnel leads to an overload in managing risks and reduces the effectiveness of responses when incidents occur.

This shortage leaves organisations vulnerable to cyberattacks, resulting in substantial financial and reputational damage.

The survey also reveals that the adoption of 'Make in Việt Nam' cybersecurity products and services among agencies and businesses remains limited.

On average, organisations use only 24.77 per cent of cybersecurity products and services from domestic companies, reflecting a persistent lack of trust and heavy reliance on foreign technology.

This poses a significant challenge in developing Việt Nam's cybersecurity ecosystem and, more broadly, its cybersecurity industry.

Improving awareness

Despite these ongoing weaknesses, there have been positive signs in improving cybersecurity awareness.

Agencies and businesses are increasingly investing in technology solutions, training their staff and standardising cybersecurity procedures.

As of 2024, 85.11 per cent of organisations have equipped their systems with antivirus software, 75.68 per cent have implemented firewall solutions and 64.13 per cent have adopted data backup and recovery measures.

Organisations have also become more proactive in training their staff on cybersecurity, with 75.68 per cent providing internal cybersecurity awareness training at least once a year.

However, 24.32 per cent of organisations have yet to implement any cybersecurity training programmes.

Several advanced cybersecurity solutions and services are gaining traction.

Notably, 47.11 per cent of organisations have expressed interest in investing in centralised cybersecurity monitoring solutions, 35.26 per cent are using Threat Intelligence services, and 38.30 per cent per cent have implemented endpoint detection and response (EDR) solutions.

Along with technological investments, organisations are increasingly adopting cybersecurity standards.

About 53 per cent of organisations have implemented the International Organisation for Standardisation (ISO) standards, 31.61 per cent have adopted the Payment Card Industry Data Security Standard (PCI DSS) standards, 19.45 per cent follow the National Institute of Standards and Technology (NIST) standards and 34.65 per cent use Vietnamese standards.

Additionally, 64.13 per cent of organisations have proactively assessed and established information security levels in line with relevant guidelines.

The association said technological solutions were essential to ensuring cybersecurity.

While the adoption of cybersecurity solutions in Việt Nam was showing promising improvements, it remained far from the level required.

Organisations must allocate at least ten per cent of their IT budget to cybersecurity.

2025 Forecast

In 2025, Việt Nam is forecast to continue to face significant cybersecurity challenges, particularly with several major political, economic and diplomatic events expected to take place.

Cyber weapons are expected to incorporate artificial intelligence (AI) to enhance their ability to detect and exploit vulnerabilities.

The primary forms of attack will remain APT attacks, spyware and ransomware.

Industrial control systems, autonomous vehicles and drones will also become prime targets for hackers.

The advent of supercomputers and quantum chips with immense computing power presents both opportunities and major challenges for cybersecurity, particularly for encryption systems and algorithms.

The growing value of cryptocurrencies may increase the risk of cyberattacks, particularly in the form of cryptocurrency theft through e-wallets, exchanges, or ransomware payments.

Businesses and organisations will need to invest more heavily in advanced technologies, such as AI-based solutions and cybersecurity threat intelligence, to enhance their ability to detect and promptly respond to incidents.— VNS