Micro, small, and medium-sized enterprises (MSMEs) have long been considered the “backbone” of the Asia-Pacific economy, accounting for about 90 percent of all businesses and creating tens of millions of jobs.

However, this very group is increasingly becoming a “favorite target” of cybercriminals. More concerning, many risks do not stem from sophisticated cyberattacks, but originate from problems inside.

At Internet Day 2025 held on December 17, experts warned that in the digital economy, information security is no longer a purely technical issue but a vital factor determining the survival, resilience, and market expansion of small businesses.

When digital trust is no longer optional

Filip Graovac, Deputy Country Representative of The Asia Foundation (TAF) in Vietnam, said digital trust is the foundation of all business activities in the digital environment.

“Digital trust is not optional, it is essential,” he emphasized, noting that this trust directly translates into consumer confidence, repeat purchases, and a company’s reputation within the community.

The figures cited by Graovac show consumers’ growing sensitivity to data.

Up to 85 percent of consumers want to know a company’s data policy before deciding to purchase a product or service; 53 percent say they are only willing to transact with companies that have a strong reputation for protecting personal data.

He warned that when digital trust erodes, businesses tend to withdraw from the digital environment. This withdrawal not only means loss of revenue but also increases the risk of job losses and the loss of long-term growth potential, which is especially dangerous for small-scale enterprises.

Biggest risks lie within business

Contrary to the common belief that information security threats mainly come from hackers or viruses, many experts argue that the greater risk actually comes from user behavior within enterprises.

Mai Van Tai, Director of the SafeGate Cybersecurity Services Center, said the risk of data leakage is even “less external than internal.” According to him, the two most prominent issues are resource waste and data leakage via the Internet.

Beyond productivity losses, employee behavior can also lead to serious data leaks. Corporate data may be uploaded to online storage platforms such as Google Drive or OneDrive, or even fed into AI tools for analysis, without appropriate control measures.

In this context, statistics from the Ministry of Public Security show that in the first half of 2025 alone, up to 110 million data records were offered for sale online, reflecting the severity of the problem.

Meanwhile, Nguyen Ich Vinh, Vice Chair of the Board at FSI DDS, said one of the biggest “blind spots” for businesses today lies in their security approach.

Most enterprises still deploy traditional security models that focus on controlling inputs such as firewalls, antivirus software, and endpoint protection, while paying insufficient attention to monitoring data outputs.

He explained that after breaching initial defense layers, malware can silently establish connections with Command & Control (C&C) servers, enabling data exfiltration or receiving instructions for subsequent attacks.

Without mechanisms to control outbound traffic, it becomes difficult for businesses to detect these abnormal behaviors, especially as malware grows increasingly sophisticated with AI support.

Accessible solutions for small businesses

Facing these challenges, experts believe that building digital trust must start with people and communities.

According to the TAF representative, this process rests on four pillars: a supportive ecosystem of policies and training; users equipped with digital safety knowledge; trust between individuals; and responsible, transparent businesses in protecting customer data.

Small businesses have strong demand for basic security tools but are constrained by cost and human resource bottlenecks. Therefore, specialized solutions that are easy to use and suited to the scale of SMEs are key, ranging from Internet access monitoring systems and data leakage prevention tools to outbound traffic control devices.

As cyberattacks become increasingly sophisticated and amplified by AI, multi-layered defense is no longer an advanced option but a minimum requirement for businesses to protect data and maintain digital trust.

For small enterprises, correctly identifying risks, especially those originating internally, is the first step to avoiding being left behind in the digital economy.

Du Lam