The survey covered nearly 200 agencies, institutions and enterprises in the southern region. It found that regulations that have international and Vietnamese standards are considered important by enterprises, with 74 percent saying they have applied ISO 27000 or Vietnamese standards, an increase of 30 percent over the survey in 2023.

The proportion of businesses and institutions that understand the importance of investment in information security has also increased. The number of units using hired information monitoring services to optimize costs increased to 50 percent. The figure in 2023 was 20 percent.

The demand for training, especially on awareness of information security, has increased, which shows that institutions and businesses have learned lessons from recent attacks, including ones using non-technical tricks and hacking methods that are long dormant before the final attack. 

APT attacks, financial attacks, and internal attacks are the biggest concerns for enterprises.

When their information systems face problems, agencies, institutions and businesses finally become more fully aware of the importance of a standard procedure to get ready to handle incidents.

“A standard procedure will help prevent panic and prepare us to react in emergency cases. However, half of the polled organizations still don’t care about this work,” a VNISA officer commented. 

The survey conducted by VNISA found other characteristics in the southern region: Assessing of IT systems by hiring organizations to carry out cyberattack experiments, looking for loopholes, and assessing of human resource processes are implemented by many organizations; classifying the levels of information systems has become a familiar requirement; fighting ransomware by backing up data is effective; and cybersecurity insurance to reduce damages if attacked remains unfamiliar.

VNISA deputy chair Ngo Vi Dong said many ransomware attacks were reported for the first half of 2024, paralyzing information systems and causing financial damage.

The BSOD (blue screen of death) case that occurred in July 2024 caused disruption to the operation of many organizations because of an over-reliance on computing clouds and operating systems. Dong said the incident should be seen as an alarm bell for agencies and organizations.

Van Anh