Nearly 440 million compromised accounts in Vietnam in 2024 — this is the figure announced by VSEC at the 7th Vietnam Security Summit 2025 held this afternoon, May 23, at GEM Center, based on statistics from the VSEC Threat Intelligence platform. A VSEC representative emphasized that businesses must adopt a proactive strategy to anticipate cybersecurity risks, rather than passively waiting for incidents to occur.

Cyber threats are real — and always present

No business is unfamiliar with this reality—yet none can confidently say, “I know for certain whether my IT system is secure or has already been breached and under control for some time.” This is a shared concern among information security managers not only in Vietnam but globally, as the pace of digitalization and the expansion of services on cloud infrastructure continue to accelerate.

According to projections by IoT Analytics, the number of connected IoT devices worldwide is expected to reach 40 billion by 2030. In Europe alone, 75% of businesses are anticipated to adopt cloud computing technologies for their operations by the same year (according to the European Commission). As digital connectivity expands and the digital decade unfolds, cybersecurity threats are becoming more apparent and pressing than ever before.

In the session “Cloud Security in a Digital World,” Mr. Phan Hoang Giap – CTO of VSEC – highlighted the growing complexity of modern cyberattacks, such as Advanced Persistent Threats (APTs), Zero-day Exploits, sophisticated evasion and stealth tactics, polymorphic/metamorphic malware, fileless attacks, and even attacks delivered through third-party software and services.

Based on VSEC Threat Intelligence’s 2024 monitoring data, there are 257 active hacker groups operating globally, with 19,471 ransomware victims recorded—36 of whom are based in Vietnam. The report also reveals that 523,110 compromised devices and 435,343,839 leaked accounts have been detected in Vietnam alone. The information that end users typically know about recent cyberattacks is merely the tip of the iceberg.

Mr. Phan Hoang Giap – CTO of VSEC, speaking at the 7th Vietnam Security Summit 2025

Proactively anticipating cybersecurity risks

In response to escalating cybersecurity threats—especially on internet-connected and cloud-based platforms—VSEC highlights three essential strategies that enable digital enterprises to proactively manage cyber risks. Specifically, these include proactively “screening” for hidden threats through Compromise Assessment, “vaccinating” against vulnerabilities via Red Teaming, and continuously “sweeping” for potential exposures using VSEC’s Attack Surface Management service. With these measures, organizations can maintain clear visibility into the current security posture of their IT systems.

Instead of merely asking: Has my system been breached? Are any of my organization’s accounts or data exposed on the internet? How might hackers be viewing my infrastructure? Which digital assets require evaluation? — VSEC experts advise businesses to take the next step by establishing a comprehensive, end-to-end cybersecurity framework.

Security consulting at VSEC’s booth – a Managed Security Service Provider (MSSP) in Vietnam since 2003

“It’s not easy to determine whether your system is truly secure—but it is absolutely achievable,” emphasized a VSEC representative. In addition to rigorous compliance with basic protocols such as password changes, timely software patching, and security awareness training for employees, these simple measures alone can reduce cyber risks by up to 50%.

For organizations in the financial sector or those managing high volumes of sensitive digital assets, 24/7 SOC (Security Operations Center) monitoring and periodic compromise assessments are imperative to continuously track and manage the “health” of their IT systems.

In today’s rapidly evolving digital era, a strong and secure digital foundation is critical—not only for building customer trust but also for enabling strategic partnerships with global-scale enterprises. Certifications from professional MSSPs are now essential, serving as a trusted assurance that the organization is actively safeguarding itself against persistent cybersecurity risks.

About VSEC:

VSEC is the first MSSP in Vietnam to simultaneously achieve dual CREST certifications for Penetration Testing and Security Operations Center (SOC) in 2023. As Vietnam’s earliest cybersecurity provider and the nation’s first Cybersecurity Threat Alert Center, VSEC has operated since 2003.

In addition to traditional services such as Penetration Testing, Red Teaming, and SOC, VSEC also offers modern security solutions including MDR (Managed Detection and Response), DFIR (Digital Forensics and Incident Response), CA (Compromise Assessment), Pentest as a Service, and Attack Surface Management. VSEC also integrates AI-powered platforms such as Threat Intelligence, XDR, and more.

Learn more at ICTVietnam