97% of enterprises as the "weak link": Seminar overview and cybersecurity solutions for SME in Vietnam
- Apr 17
- 4 min read
In the national digital transformation process, small and medium-sized enterprises (SMEs) play a vital role. However, the rapid technological advancement is accompanied by unprecedented risks, turning this business group into a prime target for cybercriminals.
To survive, establishing a robust system of cybersecurity for small businesses is no longer an optional accessory but a fundamental requirement determining a brand's survival.
Seminar overview: SMEs as the "gateway" for cyberattacks
At the "Safe Digital Future for Small and Medium Enterprises" forum held on April 15, 2026, in Hanoi, top industry experts painted a challenging panorama of information security.
Statistical data shows that the SME sector currently accounts for 97% - 98% of total enterprises in Vietnam (equivalent to nearly 1.1 million units), contributing 20% of GDP and providing 80% of private-sector employment. The Government has also issued Decision No. 433/QD-TTg, aiming to support at least 500,000 enterprises in digital transformation by 2030. Despite actively adopting digital platforms to optimize workflows, this group exhibits extremely weak digital "immunity".
Colonel, Dr. Nguyen Hong Quan—Deputy Director of the Department of Cybersecurity and High-Tech Crime Prevention (A05, Ministry of Public Security)—issued a stern warning: SMEs are often severely constrained by financial resources, lack technological personnel, and have almost no incident response experience. This vulnerability turns them into the "weakest link" in the digital ecosystem. Hackers no longer solely target heavily defended large corporations; instead, they exploit small businesses as entry "gateways" to launch massive supply chain attacks.
4 core challenges and strict legal barriers
The confusion among small-scale enterprises stems not only from technology but also from management mindsets.
Analyzing the situation at the forum, Mr. Nguyen Hoa Cuong (Deputy Director of the Institute for Policy and Strategy Research) pointed out four core challenges surrounding SMEs today: the rise of direct threats; contagion risks from the supply chain; limited strategic vision (only partial digitization); and a severe lack of both financial foundations and specialized human resources.
A concerning reality is that most business owners still maintain a reactive mindset. They only panic and passively seek solutions after their systems have been crippled by ransomware or customer data has been leaked. Mr. Vu Duy Hien (Deputy Secretary General of the National Cybersecurity Association) emphasized that for SMEs, a data breach is not just a technical error; it directly threatens the brand's existence in the market.
This complacency becomes increasingly dangerous as the legal framework has been tightened with "iron discipline". Effective January 1, 2026, the enactment of the Cybersecurity Law 116/2025/QH15 and Decree 356/2025/ND-CP requires all agencies and organizations to apply strict personal data protection measures. Permitting customer information leaks will force businesses to face extremely severe penalties.
3 strategic security solution groups to optimize SME resources
The business community today does not need generic appeals but rather a practical ecosystem of solutions. Based on recommendations from international security firms like Microsoft, Fortinet, and the current situation in Vietnam, the puzzle of cybersecurity for small businesses can be thoroughly solved through three flexible solution groups:
Group 1: Raising awareness and enforcing basic "cyber hygiene"
Security always starts with people. Microsoft's guidance clearly states that businesses must continuously empower employees with awareness training to combat email phishing scams.
Simultaneously, organizations must strictly maintain "cyber hygiene" measures recommended by Vietnamese experts: using licensed software, enforcing strong password policies combined with multi-factor authentication (MFA), and, most importantly, maintaining regular data backups to ensure rapid recovery if attacked by ransomware.
Group 2: Applying next-generation security tools
Instead of investing billions of VND into bulky physical server systems, SMEs can leverage the power of cloud computing platforms.
Microsoft Solutions: Utilizing Microsoft Defender for Business—a platform specifically designed for organizations with under 300 employees. This solution applies artificial intelligence (AI) for comprehensive endpoint protection, far exceeding the capabilities of traditional antivirus software.
Fortinet Solutions: Minimizing risks by equipping Next-Generation Firewalls (NGFW) to eliminate malicious data packets, combined with Endpoint Detection and Response (EDR) systems to securely control all employee devices when connecting to the corporate network.
Group 3: Leveraging outsourced security services (MSSP)
The vast majority of SMEs do not have an internal IT department and lack the budget to hire dedicated in-house security experts. Therefore, the smartest and most cost-effective strategy is to delegate system operations to professional entities like ipsip.vn:
IT Support / IT Helpdesk Services: IPSIP's engineering team will act on behalf of the business to configure security tools, manage software patches, and execute daily data backups. This keeps the system running smoothly without bearing the burden of expensive in-house personnel costs.
24/7 SOC (Security Operations Center): Breaking the business's passive stance by continuously monitoring network traffic. Instead of waiting for the system to report an error, remote SOC experts act as round-the-clock guards, analyzing activity logs to intercept any hacker intrusion attempts right from the outer perimeter.
Establishing a system of cybersecurity for small businesses should not be viewed as a burdensome expense but rather as a strategic insurance investment. A flexible combination of internal personnel training, equipping modern tools from Microsoft and Fortinet, and utilizing professional support services from IPSIP will create a solid shield. Only when data is secure can SMEs confidently break through in the digital transformation wave and absolutely comply with the latest legal frameworks.
--------------------------------------------------------------------------------
FAQ (Frequently Asked Questions)
Why are small businesses targets for supply chain attacks?
According to Colonel Nguyen Hong Quan (Ministry of Public Security), due to financial constraints and a lack of technological personnel, small businesses become the "weakest link." Hackers attack these organizations first, then use their systems as a springboard (gateway) to infiltrate larger partners and corporations.
What does basic "cyber hygiene" for small businesses include?
Experts at the forum recommend that businesses immediately implement the following steps: use licensed software, regularly update operating systems, apply strong password policies (with multi-factor authentication), and continuously back up data to prevent ransomware attacks.
What solutions help SMEs ensure cybersecurity without an internal IT department?
Businesses should divide solutions into 3 main groups: human training, using cloud tools (like Microsoft Defender for Business, Fortinet), and especially outsourcing services (like IT Support or 24/7 SOC from providers like IPSIP) to optimize costs while maintaining continuous expert system protection.
Comments