FATech Admin
IT Specialist
The Current State of Cybersecurity in Vietnam
According to a 2024 report by VNCERT, the number of cybersecurity incidents targeting Vietnamese businesses increased by 43% compared to 2023. More concerning is that 67% of these incidents stemmed from known vulnerabilities and were entirely preventable.
Vulnerability #1: Weak Passwords and Poor Account Management
This remains the leading cause of security breaches. Common issues include:
- Using device default passwords (admin/admin, admin/1234)
- Shared admin accounts used by multiple people
- Lack of a policy for regular password rotation
Solution: Implement Multi-Factor Authentication (MFA) and a centralized password management system such as Microsoft Entra ID (Azure AD). Require complex passwords of at least 12 characters.
Vulnerability #2: Lack of Network Segmentation
Many SMEs operate all devices on a flat network without segmentation. This means that if a device is compromised, an attacker can move freely throughout the entire system.
Solution:
- Create dedicated VLANs for each department (accounting, operations, IT)
- Isolate IoT devices and IP cameras on a separate VLAN
- Set up a DMZ for public-facing servers
Vulnerability #3: Improperly Configured Firewall
Having a firewall does not guarantee system security. Many businesses install firewalls with default configurations or "allow all outbound" rules—completely disabling protective features.
Solution:
- Apply the principle of least privilege: allow only the traffic that is truly necessary
- Enable IPS/IDS (Intrusion Prevention/Detection System)
- Audit firewall rules every six months to remove outdated rules
Vulnerability #4: Out-of-Date Software and Firmware
73% of successful attacks exploit vulnerabilities for which patches are already available. However, many businesses delay updates due to concerns about operational disruptions.
Solution:
- Establish a patch management process with a specific schedule
- Test patches in a staging environment before deploying to production
- Prioritize patching vulnerabilities rated Critical (CVSS ≥ 9.0) within 24 hours
- Use tools like Microsoft WSUS or Qualys to automate the process
Vulnerability #5: Lack of Monitoring and Anomaly Detection
Not all attacks are loud. Many APTs (Advanced Persistent Threats) operate silently within corporate networks for months before being detected.
Solution:
- Deploy SIEM (Security Information and Event Management) to aggregate and analyze logs
- Set up alerts for unusual behavior: logins outside of business hours, bulk file access, connections to unknown IP addresses
- Conduct annual penetration testing to proactively identify vulnerabilities
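The three alert conditions listed above, written as detection rules over a small event stream. This is an added example, not FATech's or any SIEM vendor's code. The event format, business hours (weekends counted as off-hours), bulk threshold, known networks and sample events are all assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the article); tune them to your environment.
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59, Monday to Friday
BULK_THRESHOLD = 5                   # file reads per user ...
BULK_WINDOW = timedelta(minutes=1)   # ... inside this sliding window
KNOWN_NETS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

# Constructed sample events: (ISO timestamp, event type, user, detail).
EVENTS = [
    ("2024-06-03T09:15:00", "login", "lan", "10.0.1.20"),
    ("2024-06-03T10:00:00", "file_read", "lan", "/share/report.xlsx"),
    ("2024-06-03T10:05:00", "conn", "lan", "203.0.113.10"),
    ("2024-06-03T23:40:00", "login", "minh", "10.0.1.31"),
    ("2024-06-03T23:45:00", "conn", "minh", "198.51.100.77"),
    ("2024-06-08T10:00:00", "login", "lan", "10.0.1.20"),   # a Saturday
] + [(f"2024-06-03T23:41:{s:02d}", "file_read", "minh", f"/share/hr/{s}.pdf")
     for s in range(6)]


def detect(events):
    """Return (rule, user, timestamp) alerts for the three behaviours."""
    alerts, reads, bursting = [], defaultdict(list), set()
    for ts, kind, user, detail in sorted(events):   # ISO timestamps sort by time
        t = datetime.fromisoformat(ts)
        if kind == "login":
            if t.weekday() >= 5 or t.hour not in BUSINESS_HOURS:
                alerts.append(("off_hours_login", user, ts))
        elif kind == "file_read":
            # Keep only this user's reads that are still inside the window.
            reads[user] = [r for r in reads[user] if t - r <= BULK_WINDOW] + [t]
            if len(reads[user]) < BULK_THRESHOLD:
                bursting.discard(user)
            elif user not in bursting:               # alert once per burst
                bursting.add(user)
                alerts.append(("bulk_file_access", user, ts))
        elif kind == "conn":
            if not any(ip_address(detail) in net for net in KNOWN_NETS):
                alerts.append(("unknown_destination", user, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

In a real deployment the same conditions would be expressed as correlation rules in the SIEM, with the thresholds baselined per user or department rather than fixed globally.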
Conclusion
Security is not a static state but an ongoing process. Businesses need to build a security culture from leadership down to employees, while investing in appropriate tools and training.
FATech offers comprehensive Security Assessment services to help businesses identify and address vulnerabilities before they are exploited.