Targeted cyberattacks are becoming increasingly sophisticated and persistent. According to a representative from the National Cybersecurity Center under A05 (Ministry of Public Security), there has already been a case where a hacker remained undetected within a Vietnamese enterprise’s system for nine months before launching an attack.

Well-funded cybercriminal organizations are now behind major threats

At the roundtable titled “Assessing the cybersecurity readiness maturity of Vietnamese enterprises and organizations” held by the National Cybersecurity Association (NCA) on May 21, Major Tran Trung Hieu, Deputy Director of the National Cybersecurity Center (A05), noted that cybersecurity threats have intensified in recent years.

Intentional cyberattacks are becoming more frequent, complex, and sophisticated. “These are no longer isolated acts by lone hackers. Behind these targeted attacks are large, well-funded organizations with extensive resources and professional cyber weapons,” said Major Hieu.

Meanwhile, Vietnam is facing a significant shortage of skilled cybersecurity personnel, both in quantity and quality. Even large enterprises struggle to staff their security operations centers (SOCs) effectively - let alone public agencies.

Major Hieu cited an incident involving a major bank. Despite having invested in a SOC, the bank could only monitor threats during business hours due to a lack of personnel. “At night, the hackers were free to operate. Many large Vietnamese firms have SOCs but lack both expert personnel and skilled operators.”

He also highlighted additional challenges: limited cybersecurity awareness among staff and leadership, lagging security technologies compared to applied technologies, and underdeveloped legal frameworks for cybersecurity.

From NCA’s perspective, Vu Ngoc Son, Head of Technology Research, pointed out that the digital transformation boom is accelerating the volume and severity of cyberattacks. However, most Vietnamese businesses still lack the capabilities, processes, and preparation to effectively respond.

According to a Cisco report, only 11% of organizations in Vietnam are at a mature level of cybersecurity readiness. An NCA survey conducted in late 2024 found that 52.89% of organizations lack complete technological solutions for incident response, and 56.16% do not have dedicated cybersecurity personnel. In 2024, there were 659,000 reported cybersecurity incidents, impacting about 46.15% of organizations.

Building resilience: Where to start?

Experts from A05, NCA, and CMC Cyber Security agreed that the key reasons for Vietnam’s limited response capacity include: lack of basic and integrated cybersecurity solutions; the rapid evolution of digital technologies and AI; the rise of highly professional and transnational cybercriminal groups; and the general lack of cybersecurity skills among personnel.

Vu Ngoc Son emphasized that business and organizational leaders must personally engage in building their entity’s cybersecurity readiness.

Sharing his experience from a ransomware incident in April 2025, Do Van Thinh, Director of the Cybersecurity Monitoring Center at CMC Cyber Security, said identifying root causes and lessons learned is essential for raising team awareness.

His organization used the event as an opportunity to audit and enhance their protection processes, tighten operational procedures, and implement additional safeguards.

NCA experts stressed that improving cyber incident response must begin with addressing the system’s weakest link: the human factor. Regular training in cybersecurity awareness and skills for all staff is crucial. Only when people understand their role in protecting systems can technical solutions and procedures be truly effective.

In terms of technology, organizations must invest in comprehensive systems that include centralized cybersecurity management, AI-powered data analytics, and threat intelligence integration to enable early detection and response to emerging risks.

Additionally, establishing clear response procedures, assigning responsibilities, preparing incident playbooks, and equipping teams with support tools are non-negotiable.

“Importantly, organizations should maintain ready access to contacts within regulatory agencies and industry associations for timely coordination and reporting when incidents occur. Proactive preparation and strategic planning are the keys to minimizing damage and safeguarding digital operations,” concluded NCA experts.

Van Anh