This information was shared by experts from Viettel Cyber Security (VCS) at the recent "Building Cybersecurity Strategies for Multi-Sector Enterprises 2024" seminar held in Hanoi and Ho Chi Minh City. The event attracted nearly 100 companies from the retail, e-commerce, and logistics sectors to discuss cybersecurity risks and effective response strategies.

“The lack of cybersecurity protection makes users hesitant to use online services, which greatly impacts businesses. Ensuring cybersecurity must be a top priority and constantly emphasized,” said Nguyen Duc Tuan, Acting Director of the National Cybersecurity Monitoring Center (NCSC), at the seminar.

Unseen attacks: many organizations unaware they are compromised

As one of the largest cybersecurity solution providers in Vietnam, VCS has held numerous seminars to share cybersecurity risks and solutions for different sectors, with retail and e-commerce being key concerns due to the vast amount of customer data they handle. The rapid expansion of online services in these industries further increases the risk of cyberattacks.

During his presentation, Tran Minh Quang, Director of VCS’s Cybersecurity Threat Analysis Center, detailed the threats facing the retail, e-commerce, and logistics sectors, which play pivotal roles in the economy.

Recently, Vietnam has seen a surge in ransomware attacks, which encrypt data for ransom. According to Quang, the situation could have been far worse, with at least 40 organizations reportedly being "initially compromised," meaning hackers had infiltrated their systems but had not yet activated the ransomware. This presents an opportunity for businesses to detect and remove malware before the attack escalates.

In a report from Viettel Threat Intelligence, the retail sector alone experienced at least eight APT (Advanced Persistent Threat) campaigns in the first six months of 2024, leading to 24 data breaches and the exposure of 4.5 million records. Retailers and e-commerce platforms also face frequent phishing attacks and DDoS (Distributed Denial of Service) attacks. In June, a significant volume of user data from several Vietnamese retailers was found for sale on the dark web, including full names, passwords, and phone numbers.

The risk extends to all stakeholders in these industries, from platforms to sellers, buyers, suppliers, and logistics partners. The rising number of online users has expanded the attack surface, making the sectors even more vulnerable. Increasingly sophisticated attacks have also targeted user assets, particularly as online payment methods become more integrated. “The damage isn’t limited to financial losses - businesses could also face reputational crises and legal risks,” Quang emphasized.

Growing challenges for the sector

The active participation of nearly 100 businesses at the seminar highlights the growing concern for cybersecurity in Vietnam’s retail, e-commerce, and logistics sectors. However, experts noted a disparity in cybersecurity readiness across different organizations.

“Retailers are not just dealing with a few hackers; they face well-organized cybercrime groups, often more sophisticated and better funded than their victims,” Quang explained, citing notorious groups like LockBit and Lazarus, which generate billions in revenue annually.

The rise of Ransomware-as-a-Service (RaaS) has further exacerbated the situation. These groups maintain the attack infrastructure and tools, then sell access to would-be attackers, sharing profits from successful attacks. On dark web markets, ransomware and DDoS attack services can be purchased for as little as a few dozen dollars a month, which is why the number of attacks has surged, especially in emerging markets like Vietnam.

Retail and e-commerce companies, which are not typically specialized in cybersecurity but must maintain stable systems and handle vast amounts of user data and transactions, have become prime targets for hackers.

Quang noted that challenges facing Vietnamese businesses, especially in retail, e-commerce, and logistics, stem from issues with people, processes, and technology. A shortage of skilled cybersecurity professionals and a lack of awareness among end-users, combined with delayed updates on security threats, leave businesses vulnerable. Without continuous monitoring and timely responses, companies are easy targets.

To address these challenges, VCS experts recommend partnering with specialized cybersecurity firms to help businesses regain control and balance the playing field. Understanding the threats will allow companies to develop appropriate countermeasures, rather than investing blindly in ineffective solutions.

The seminar underscored the importance of staying ahead of cybersecurity threats, especially as nearly every industry undergoes technological transformation. "The rapid advancement of technology requires businesses to pay more attention to cybersecurity. Preventing threats is the foundation for secure growth," Nguyen Duc Tuan stressed.

Hong Nhung