At one of An Nguyen’s old jobs in Hanoi, she had a daily ritual: When she wanted to log in to the computer, she had to answer a cybersecurity question such as “What is spear phishing?” or “How does malware work?”
Nguyen did not work in the technology industry, but this was her employer’s way of making sure that all staff had at least a basic understanding of good cyber awareness.
Vietnam could use more people like Nguyen, according to security professionals. They say the country’s small businesses, in particular, do not realize how big a threat they face from hackers or other sources of data breaches.
“Cybersecurity for us, sometimes we are too confident -- or maybe we are ignorant,” Nguyen, who has since started her own business, said regarding Vietnamese apathy toward computer security. “So we don’t care much about that.”
But small and medium enterprises (SMEs) should care, cyber professionals say, especially considering the factors that make security risks even more acute in Vietnam. These include the Southeast Asian country’s widespread use of pirated software, the high internet penetration among a tech-loving society without the IT support to match, and the love-hate relationship with China.
There are two kinds of people, said Vu Minh Tri, vice president of cloud services at the gaming company VNG, deploying a favorite global cliche -- those who have been hacked, and those who do not know that they have been hacked.
“There is a very true saying that there is no company, or no organization, or no computer not impacted by malware,” Tri said. “There’s only organizations, computers, or people not aware the computer is impacted. So all are impacted. It’s just a matter of whether you're aware or not.”
A new wrinkle in the story comes from neighboring China, with some cyber-attacks believed to be related to its Belt and Road Initiative, which aims to connect many countries from Asia to Europe through infrastructure projects. Research from the security firm Fireeye suggests Chinese hackers may be used either to defend Beijing’s partners in the Belt and Road, such as Cambodia, or to target those that do not play ball, like Malaysia.
Vietnam has taken a cautious approach to the initiative, with some scholars expressing concern about risks like burdensome loans and over-reliance on China. The Southeast Asian country also has reason to worry about potential cyber fallout. In one famous case, Chinese internet protocol addresses were suspected in the 2016 hack of Vietnamese airports, where screens displayed messages challenging Hanoi’s claims in the South China Sea.
“In this digital era, Asia Pacific region has become the largest digital market in the world, creating tremendous business opportunities for SMEs,” Jason Kao, director of the Asia-Pacific Economic Cooperation’s SME crisis management center, told small businesses at a Ho Chi Minh City workshop his office sponsored last week.
But not enough of these small and medium-sized enterprises are paying attention to online security, Kao warned.
“Since more businesses use computers to connect their customers and store data, cyber-attacks and data leaks can cause serious harm,” he said.
The cost burden is understandable, though, he added.
On the one hand, a small business might be too little to attract the unwanted attention of hackers. On the other hand, they might be too small to bear the expense of insuring or guarding against attacks.
“As we talk about cost and benefit, we know that we have to buy insurance contracts, we know that we have to protect ourselves,” Nguyen said. “But we don’t have enough resources.”
That is the reason ripped software remains popular in Vietnam, earning it a spot among countries to watch in the U.S. Trade Representative’s report on intellectual property. Thanks to this pirated software, overseas hackers can access Vietnamese computers, which they use in denial of service attacks - sending so many requests to target websites that the sites become overloaded and shut down.
At the same time Vietnam lacks the information technology specialists who can alleviate some of these dangers. By one estimate, the country could face a shortage of one million IT staffers by 2020.
In the meantime, security advisers offer some basic reminders to increase safety online. Do not click on links, in emails or otherwise, if they are even slightly questionable. Use strong passwords and do not reuse them across different accounts. And of course, avoid pirated software.