According to Bkav Corporation’s latest summary on cybersecurity in Vietnam, in 2018 the country suffered VND14.9 trillion ($647 million) in damages from computer virus attacks, equal to 0.26 per cent of GDP and 21 per cent more than in 2017.
In addition, the survey also showed that 60 per cent of local agencies and businesses were struck by ransomware. Specifically, malware seized control of an average of six out of every 10 enterprises and agencies.
The figures show that even with the Law on Cybersecurity coming into effect, improving information security remains a major problem for the local government.
More than 1.6 million computers lost data in 2018, according to Bkav’s survey, clear evidence for gaps in the local government’s security system. Moreover, in 2017 and 2018, a total of 15,700 cybersecurity vulnerabilities were discovered, 2.5-times higher than in previous years. Many serious attacks were against popular software like Adobe Flash and Microsoft Windows.
Even as security patches are issued swiftly, it takes up to five days to deal with security gaps, according to the Cisco 2018 Asia-Pacific Security Capabilities Benchmark Study.
In fact, information security in Vietnam is weak. The latest Global Cybersecurity Index stated that Vietnam ranked 101th, much lower than neighbouring countries like Singapore (first), Malaysia (third), Thailand (20th), and Laos (77th).
Discussing the issue with VIR, Ha The Phuong, deputy CEO and Information Security Service director of CMC InfoSec, said, “Lacking synchronisation and no strategies to develop long-term technology investment have brought too many suppliers to the market, which makes it more complicated to deal with cybersecurity violations.”
A VietnamWorks survey calculated that if the growth rate of IT personnel stays at 8 per cent in the next years, Vietnam will be short of 78,000 employees more every year. By 2020, this shortage will exceed 500,000.
According to Phuong, cybersecurity legislation has yet to be completed and remains a novelty. Specifically, the Law on Cybersecurity came into effort only this year and the Law on Information Security has only been effective for three years.
Bkav experts forecast that AI malware may appear in 2019 under the initial form of Proof of Concept (PoC). Accordingly, hackers will use software applying AI to attack severs instead of manually attacking, as before. In the future, AI may be created to learn and improve on its own and attack servers by itself.
According to Nguyen Minh Duc, founder of cybersecurity company CyRadar, in 2019 attacks on local authorities and organisations will keep increasing. The attacks not only target computers, but other Internet of Things (IoT) devices, smartphones, and other connected devices.
“Once IoT, which is used to build smart houses and smart devices, develops to a sufficient extent, the scale of the attacks will be much larger,” Duc said.
In addition, ransomware, data deleting malwares, cryptocurrency mining malware, and advanced persistent threat (APT) attacks will remain a threat to Vietnamese people in 2019.
According to Bkav, authorities and enterprises need to improve security policies to ensure computers are fully updated with patches to avoid the risk of being exploited.
Furthermore, the e-government security system needs to change to reach Industry 4.0 standards.
Phuong from CMC InfoSec said that Vietnam cannot reach this without integrating 4.0 features into its information security system, like automation and AI to offer swift and accurate decisions, collect and process huge amounts of security data to discover and deal with risks on short notice.
In the short-term, the government needs to enter into co-operation with enterprises specialised in security that can supply technology and human resources, according to Phuong.