State Audit Office Tightens Cybersecurity as Vietnam Ranks Among Top 10 Most Cyber-Attacked Nations Globally

During the conference, Deputy Auditor General Bui Quoc Dung outlined specific measures to strengthen and enhance the security of the information system. He directed the IT Department to collaborate with cybersecurity drill units and safety assessment teams to promptly patch all identified application vulnerabilities. The goal is to ensure these vulnerabilities are not exploited further, with a target to achieve the highest security level (Level 4) for non-defense and security ministries by mid-2026. Advanced access control solutions, including multi-factor authentication (MFA) and device control, will be implemented to prevent unauthorized access, even if user accounts are compromised. Additionally, an industry-wide alert will be issued to raise awareness about cybersecurity threats and phishing tactics.

Deputy Auditor General Bui Quoc Dung emphasized that while the State Audit Office’s (SAO) IT system has a robust three-layer defense, it remains vulnerable to attacks. He noted, “As discussed, our security measures can ensure up to 95% protection, but risks persist due to user errors, such as weak passwords or unsafe access practices.”

Therefore, the SAO prioritizes investing in information security and promoting cybersecurity awareness across the organization in 2025 and beyond.

In related news, the SAO has established the IT Audit Division under the IT Department. A key responsibility of this division is to conduct IT audits to identify challenges faced by ministries and agencies in technology procurement and investment. These audits will inform policy recommendations to address these issues effectively.

At the conference, Pham Huy Thong, Acting Director of the IT Department, highlighted the critical role of cyberspace as a “soft border” in national security during the digital transformation era. Alongside growth opportunities, cybersecurity threats are escalating in scale and sophistication. In the first half of 2025, Vietnam recorded over 8.5 million compromised accounts, nearly 530,000 DDoS attacks, and 191 data breaches affecting over 3 billion records—triple the number from the same period in 2024. Ransomware attacks caused losses exceeding $10 million, with over 3 terabytes of data encrypted. Vietnam ranks among the top 10 countries most affected by cyberattacks globally, with critical systems in finance, banking, telecommunications, and government agencies becoming prime targets, impacting economic security and societal well-being. A notable incident involved the Credit Information Center (CIC) under the State Bank of Vietnam, where hackers attempted to steal personal data, currently under investigation by VNCERT.

Recognizing the importance of cybersecurity for the audit sector’s data infrastructure, the State Audit Office has made it a top priority. The SAO’s IT system is a critical national data infrastructure, supporting audit activities and storing vast amounts of sensitive financial and public asset data. Ensuring its security is essential for maintaining transparency, credibility, and operational efficiency. SAO leadership emphasizes that safeguarding this system is crucial for fulfilling its mandate and maintaining public trust in governance.

During the conference, representatives from Viettel Cyber Security (Red Team) and NGS Corporation (Blue Team) presented findings from a cybersecurity drill targeting the SAO’s document management system. The results showed that the SAO’s IT system successfully repelled all simulated attacks, except for an instance where attackers used leaked credentials from the dark web to gain access. However, the SAO’s defense team swiftly detected and neutralized the threat, preventing any compromise of the core system. This underscores the importance of proactive security measures and rapid response capabilities in today’s threat landscape.