"Information security, a vital factor for businesses in the digital age" was the title of the seminar held in late September by the Hanoi Association of Female Entrepreneurs, MISA, CyPeace, Savvycom and Hanel under sponsorship of the Authority of Information Security (AIS).

The event aimed to provide useful and essential information to businesses, especially SMEs (small and medium enterprises), to heighten awareness and the capability of enterprises to protect information, data and digital assets.

Le Cong Phu, deputy director of the Vietnam Cybersecurity Emergency Response Teams/Coordination Center (VNCERT/CC), said in the context of more cyberattack campaigns associated with global geopolitical disputes and conflicts, the risks of cyber insecurity have become complicated and unpredictable.

Phu noted that cyberattacks tend to target important information infrastructure. Globally and in Vietnam recently, serious incidents related to the finance and banking sector, energy, healthcare sectors and private enterprises have been reported.

The cyberattacks to information systems of VnDirect (securities company) and PVOil (petroleum distributor) in the first months of 2024 not only caused financial damages and affected their reputation, but also had a negative impact on activities to ensure national cybersecurity.

Emphasizing the importance of information security for enterprises, Phu said sophisticated cyberattacks are mostly backed by states and professional organizations. Therefore, cybersecurity is not only a technical issue, but also an important pillar to maintain the sustainable development of the national economy in the digital era, ensuring a stable and reliable business environment.

Bui Hai Yen, chair of the Hanoi Association of Female Entrepreneurs, commented that digital transformation is bringing big benefits to businesses, but the new mode of production exposes businesses to challenges in cybersecurity and information safety, including protecting enterprises’ digital assets – data and information – in a digitized environment.

“Ensuring information security has become more urgent than ever, which requires entrepreneurs and businesses to improve their awareness and defense capability,” Yen said.

Protecting data

At the seminar, information security experts cited the common risks to cybersecurity in Vietnam, and recommended solutions that businesses and organizations should apply when operating in a digital environment.

CyPeace chair Ngo Minh Hieu said spending on measures to ensure information security and risk management globally in 2023 reached $188.1 billion, or 14.2 percent higher than the year before. However, risks still increased rapidly.

Hieu said the number of security vulnerabilities discovered and announced in 2023 increased by 11.1 percent over the year before. Of this, high-level and serious vulnerabilities accounted for 56 percent, which mostly were found on popular products and software.

Nguyen Quang Huy from Savvycom cited international statistics as pointing out that the risks for information security at enterprises, especially SMEs, are extremely high.

A 2023 report by CNBC and Black Frog showed that half of data infringement cases targeted small enterprises, while 87 percent of people who had the right to make decisions on issues related to information technology at SMEs reported that they had to cope with more than two cyberattacks.

CNBC and Black Frog also reported that only 8 percent of businesses have budgets for cybersecurity activities, 25 percent don’t have sufficient resources in information administration because of small staffing and some restrictions, and 42 percent don’t have plans to handle cybersecurity dangers. Particularly, one third of businesses rely on free solutions.

A senior officer from Savvycom recommended that businesses carry out solutions, including policies, training, authentication, regular updates of software, and data backup. They need to be ready to respond to cyberattacks.

Stressing that humans are the weakest link in ensuring cybersecurity, he suggested that organizations should encourage their staff to have the habit of staying vigilant about possible risks. It is necessary to help staff to feel free to report suspected activities.

Nguyen Quang Hoang from MISA, a software solution provider, noted that there have been big changes in the nature of cyberattacks. The holes in technology are the major targets of attackers. In such a condition, SaaS (software as a service) is an important solution.

Van Anh