HCMC – The Covid-19 pandemic has triggered cybersecurity challenges for small and medium enterprises (SMEs), with over half of the SMEs in Vietnam facing cyber attacks in the past year.
According to a study by Cisco Secure, 59% of SMEs in the country have experienced one or several cyber incidents such as malware, phishing, DNS tunneling and SQL injection over the past 12 months.
The affected businesses represent a broad range of industries such as construction, education, engineering, design and architecture, financial services, food and beverages, healthcare, manufacturing and technology services.
Some 53% of SMEs said the cyber incidents they experienced have increased during the pandemic and 67% felt exposed to cyber threats.
Over 71% of SMEs in Vietnam said they are more worried about cybersecurity now than they were 12 months ago. The worries are being driven in part by a growing realization of the implications that a serious incident could have on their business.
SMEs are also increasingly aware of where the biggest threats come from, with phishing seen as the top threat.
Phishing is a tactic where hackers masquerade as a trustworthy entity to try and get the user to open a specific digital communication sent to them, such as an email, hyperlink, or instant message. Though this is an old tactic, it remains popular due to its simplicity and effectiveness.
Nearly 40% of SMEs said the number one reason these attacks were successful was that their cybersecurity solutions were inadequate to detect and prevent an attack. This highlights the fact that having the right technology is critical to building a strong security posture.
According to Cisco, SMEs are especially being targeted by attackers looking to deploy malicious software with the intention of either disrupting, damaging, or gaining unauthorized access to the devices being targeted.
The majority of SMEs that suffered an incident experienced a loss of some kind. A whopping 86% of SMEs in Vietnam that experienced an incident said it resulted in the loss of customer data.
Besides, the affected SMEs also lost employee data (67%), internal emails (61%), financial information (58%), intellectual property (56%), and sensitive business information (51%). In addition, 61% admitted that cyber-attacks have hurt their reputation.
According to Luong Thi Le Thuy, Managing Director of Cisco Vietnam, the pandemic has fueled a critical need to invest in technology solutions and capabilities among organizations of all sizes.
A majority of SMEs have adopted some form of technology. As Vietnam is gradually reopening its economy, businesses are keen to leverage it to thrive in the new normal.
Since digitalization among SMEs has picked up pace, there is an increased focus on cybersecurity, not least because the increase in the attack surface available to hackers and malicious actors mirrors the pace of digitalization.
“The challenge that SMEs are facing is that we are living in a hyper-connected, digital-first world where customers want instant gratification. This means they have little leeway, if any, for a cybersecurity incident to disrupt their operations,” said Juan Huat Koo, Director Cybersecurity, Cisco ASEAN.
Therefore, they need to be able to detect, investigate and block or remediate any cyber incident as quickly as possible.
SMEs in Vietnam are taking steps to become more resilient on the cybersecurity front, with 88% saying they have completed scenario planning and simulations for potential cybersecurity incidents.
Realistic scenario planning and simulation is a key feature in cyber preparedness, mainly because it helps SMEs uncover weaknesses in their security posture before attackers can exploit them.
SMEs are also ensuring that they support their preparedness plans with investment. Some 87% of Vietnamese SMEs have increased their investment in cybersecurity since the start of the Covid-19 pandemic.
Over half of SMEs spend 4-5% of annual revenue on cybersecurity, while 16% spend 6-10%, and 11% spend over 10%.
An encouraging point is that increased spending has been distributed evenly across key areas, which suggests a strong understanding of the need for a multifaceted and integrated approach to building a strong cyber posture.