Cybersecurity professionals key to filling gaps in cyberattack environment

In the first few months of 2024, a number of cyberattacks on the VNDirect and PVOIL systems sent a warning sign about the evolving threat of hacks in Vietnam. The incidents prompt companies to consider their investments in the security system.

Ngo Tuan Anh, vice president of the Vietnam Information Security Association (VNISA), noted that spending a large sum of money was not enough to ensure the safety and security of the system.

Three factors should be considered, including good technology, good personnel to implement and monitor the threats, and a good operation process to ensure safety and avoid human errors.

"The majority of cyberattacks are caused by gaps in the operation and people. Intruders often take advantage of the weak links to compromise the system," he said, adding that the cybersecurity skill shortage remained an issue facing the industry.

According to the Ministry of Information and Communications, there are 3,866 employees working in the cybersecurity sector as of 2023, a 13 per cent rise from 2022. However, the figure is too small to address the enormous workloads resulting from the growing trend of cyberattacks against individuals, businesses, and organisations.

Pham Trung Duc, service manager of VNPT Cyber Immunity said, "The number of cybersecurity professionals in Vietnam is like a drop in the ocean. On the other hand, it is estimated that there are more than 77,400 cybersecurity employees in Singapore, which is much smaller than Vietnam in area and population. Still, Singapore reports a shortage of more than 6,000 employees in this field."

In the same vein, Ha The Phuong, CEO of CMC Cyber Security said, "Vietnam is facing a shortfall in cybersecurity talent in both quantity and quality. Most graduate students in this field lack the skills to implement real-world projects. Meanwhile, universities are under pressure to train sufficient students amidst the shortage of qualified teachers. To solve the problem, many cybersecurity companies have to take students from other industries and retrain them to work in this field."

Due to the talent shortage, cybersecurity professionals are facing more burnout.

According to the “The Future of Cybersecurity in Asia Pacific and Japan” report by Sophos in collaboration with Tech Research Asia (TRA), 90 per cent of respondents in cybersecurity and IT roles are impacted by burnout and fatigue.

The study revealed that burnout is felt across almost all aspects of cybersecurity operations, with 30 per cent of respondents saying that feelings of burnout increased “significantly” in the last 12 months with 41 per cent saying that this burnout makes them “less diligent” in their cybersecurity roles with 17 per cent of respondents identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach and 17 per cent of companies experienced slower than average response times to cybersecurity incidents.

There are five main causes of cyber burnout and fatigue, including a lack of resources available to support cybersecurity activities and the routine aspects of the role, which create a feeling of monotony.

Another cause is an increased level of pressure from board and/or executive management. Meanwhile, persistent alert overload from tools and systems also contributes to cyber burnout and fatigue. Finally, there is an increase in threat activity and the adoption of new technologies that foster a more challenging, "always on" environment.

“At a time when organisations are struggling with cybersecurity skills shortages and an increasingly complex cyberattack environment, employee stability and performance are critical for providing a solid defence for the business. Burnout and fatigue are undermining these areas and organisations need to step up to provide the right support to employees, especially when, according to our research, 17 per cent of respondents identified that cybersecurity burnout or fatigue contributed to, or was directly responsible for, a cybersecurity breach,” said Aaron Bugal, CTO at Sophos.

"Although there's not a simple fix, an attitude adjustment would go a long way to define the right expectations around what it means to evolve into a cyber-resilient business. Boards and executive committees need to drive change and demand responsibility from their deputised charges, in essence for better governance around cyber approaches. However, they need to clearly articulate their accountability in developing and maintaining a plan because cybersecurity is now a perpetually interactive sport – and there needs to a team that provides adequate coverage around the clock,” he said.

Few organisations prepared for cyber threats: Cisco Only 6 per cent of organisations in Vietnam have the ‘Mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco’s 2024 Cybersecurity Readiness Index released on March 28.

How companies can ramp up cybersecurity protections As Vietnam’s digital economy grows, so does the bullseye for cybercriminals. Cyberattacks - numbering approximately 13,900 - have rippled through Vietnam’s systems, seizing more than 83,000 computers and servers with encryption ransomware in the past five years.

Companies wary of cybersecurity threats Cybersecurity has gained more attention during the annual general meeting season following the surge in ransomware attacks in the first quarter of 2024.