As the digital landscape evolves, so do the threats that come with it. A recent report by Cisco highlights the alarming state of cybersecurity readiness in Vietnam, revealing that only 11% of organizations have reached a 'mature' level of preparedness to tackle current cyber threats. This marks a modest increase from just 6% the previous year, but the overall situation remains dire.
According to Cisco's Cybersecurity Readiness Index 2025, a staggering 87% of organizations reported experiencing AI-related security incidents in the past year. This statistic underscores the growing complexity of cybersecurity challenges as artificial intelligence (AI) becomes more integrated into business operations. However, only 55% of survey participants felt their employees truly understood the threats posed by AI, and a mere 53% believed their teams fully grasped how malicious actors exploit AI for sophisticated attacks.
Jeetu Patel, Cisco's Product Director, noted that the rise of AI has introduced unprecedented risks to organizations. "As AI transforms businesses, we face a new kind of risk on an unprecedented scale, putting immense pressure on infrastructure and security teams," he explained. The report indicates that 60% of organizations suffered cyberattacks in the past year, with external threats from hackers and state-sponsored groups perceived as more severe than internal risks.
The urgency for organizations to enhance their cybersecurity strategies is palpable, especially as 78% of survey participants anticipate operational disruptions due to cybersecurity incidents within the next 12 to 24 months. Cisco's report emphasizes the need for organizations to invest in AI-driven solutions, simplify their security infrastructure, and improve awareness of AI-related threats.
Despite the challenges, organizations are increasingly leveraging AI to bolster their cybersecurity measures. A remarkable 96% of organizations utilize AI for threat detection, while 81% employ it in incident response and recovery efforts. However, the report raises concerns about the deployment of Generative AI (GenAI) tools. While 44% of employees are using approved third-party GenAI tools, only 25% have unrestricted access to public GenAI tools, highlighting significant gaps in understanding and control.
Furthermore, 62% of organizations admitted lacking confidence in detecting employees using uncontrolled AI, or Shadow AI, which poses serious risks to data security and privacy. The report also highlights the dangers posed by unmanaged devices, as 90% of organizations face increased security risks when employees access networks from these devices.
Investment in cybersecurity remains a pressing issue. While 99% of organizations plan to upgrade their IT infrastructure, only 52% allocate more than 10% of their IT budgets to cybersecurity, a decrease from the previous year. This lack of investment is particularly concerning given the complex security landscape, where 84% of organizations reported that their current security infrastructure is too complex to respond quickly and effectively to threats.
Amid these challenges, the shortage of cybersecurity experts is a significant barrier to progress. A staggering 95% of survey respondents identified this shortage as a major challenge, with 42% indicating a need to recruit more than 10 specialized positions. This talent gap exacerbates the difficulties organizations face in addressing cybersecurity threats.
As organizations navigate these complexities, Cisco Vietnam's General Director, Nguyễn Như Dũng, emphasized the importance of a new approach to cybersecurity. "AI opens up many new opportunities but also increases complexity in an already challenging cybersecurity landscape. It is time for a new approach to cybersecurity issues—one that not only leverages AI to enhance security but also ensures that AI operates safely and can be scaled effectively," he stated.
In addition to these findings, Kaspersky's 2025 ransomware report reveals a decrease in the number of ransomware detections by 18% from 2023 to 2024, yet the percentage of users affected by these attacks increased slightly by 0.44%. This paradox highlights a troubling trend: while fewer incidents are reported, the severity and impact of ransomware attacks are growing.
According to Kaspersky, 41.6% of cybersecurity incidents in 2024 were linked to ransomware, up from 33.3% in 2023. This shift suggests that ransomware remains a primary threat to organizations worldwide. The report also discusses the emergence of ransomware-as-a-service, where cybercriminal groups provide ransomware to affiliates, allowing for the creation of extensive attack networks with profit-sharing arrangements that favor the affiliates.
While many ransomware attacks continue to target Windows systems, groups like RansomHub and Akira are diversifying their targets to include Linux and VMware systems, especially in cloud and virtualization environments. This evolution in tactics indicates that cybercriminals are adapting to security measures and exploring new avenues for exploitation.
Interestingly, while the total amount of ransomware payments decreased significantly in 2024 to approximately $813.55 million—a 35% drop from the record $1.25 billion in 2023—the average ransom payment surged from $1,542,333 in 2023 to $3,960,917 in 2024. This shift reflects a trend where ransomware groups are increasingly targeting larger organizations capable of paying higher ransoms.
As ransomware tactics evolve, organizations must remain vigilant and proactive. Kaspersky advises adopting multi-layered defense strategies to combat the developing tactics of groups like FunkSec and RansomHub. Proactive prevention, including patch management and vulnerability management, is crucial, as many ransomware attacks exploit unpatched systems.
In conclusion, the cybersecurity landscape in Vietnam and beyond is fraught with challenges as organizations grapple with the complexities introduced by AI and evolving cyber threats. The need for a robust, adaptive approach to cybersecurity has never been more urgent. Organizations are urged to prioritize investment in cybersecurity measures, simplify their security infrastructure, and enhance their understanding of AI-related threats to safeguard their operations in this rapidly changing digital world.
