Final quarter before the new cyber security law takes effect: what should businesses do?

With the effective date of Cyber Security Law No. 116/2025/QH15 approaching on 1 July 2026, businesses are being urged to focus not only on increased security investment, but also on correctly identifying which weaknesses to address first—so that a small incident does not escalate into a major loss.

Rising harm despite fewer incidents

Pressure is increasing in Vietnam’s current risk environment. A survey by the National Cyber Security Association covering more than 5,300 agencies, enterprises, and organizations reported that in 2025 Vietnam recorded about 552,000 cyber attacks. While the number of incidents declined, the damage level rose: 52.30% of surveyed units said they suffered harm from cyber attacks, up from 46.15% in 2024.

Attack methods are shifting toward “normal” access

Globally, attack methods are changing rapidly. Check Point reported that 82% of malicious files spread via email. CrowdStrike reported that 82% of detections in 2025 were malware-free. The implication is that attackers are increasingly exploiting valid accounts and normal-looking access streams rather than breaking in directly.

The central concern, according to the article, is not simply whether a company is attacked, but whether it detects attacks too late, mis-prioritizes remediation, and responds slowly.

Where delays can turn into major losses

The article highlights three key areas where weaknesses exploited late can lead to escalating impact:

• Operational disruption: If exploited weaknesses involve email, VPN, privileged accounts, publicly facing web applications, or core systems, companies may face service outages, transaction bottlenecks, or internal operational breakages.
• Data leakage and long-term consequences: As data becomes a more attractive target, losses extend beyond missing information to include reduced trust from customers, partners, and the market.
• Rising remediation costs: When attackers use legitimate accounts and appear normal externally, organizations may remain unaware internally that they are compromised—making remediation more complex and costly.

Prioritization is the bottleneck

Mr. Tran Quoc Chinh, Vice Chairman of the CMC Technology Group and CEO of CMC Cyber Security, said: “The biggest bottleneck for many businesses today is not a lack of reporting, but a lack of a clear prioritization order to act. If risk is not mapped against operations, data, reputation and compliance, a company can address many issues but still miss the most dangerous point.”

Recommended starting point in the lead-up to the law

The article advises that, in the remaining weeks, businesses should not simply add more security tasks, but define a minimal yet sufficiently critical scope to act on immediately—especially where exploitation likelihood is high and potential impact on operations, data, and reputation is greatest.

Prioritization areas listed include:

• Email
• VPN/remote access
• Privileged accounts
• Publicly facing web applications
• Customer data and transaction data

It also states that this phase should produce at least four outputs: an asset-based risk map, the actual attack paths to block as a priority, a remediation list ordered by priority, and areas that must be continuously monitored.

Why penetration testing and 24/7 SOC matter

The article argues that penetration testing (Pentest) should be prioritized because it helps businesses understand how a single weakness could chain into deeper compromise—potentially reaching data, privileges, or core systems.

Mr. Vu Xuan Binh, Director of the Penetration Testing Center at CMC Cyber Security, emphasized: “What a business needs is not a longer list of vulnerabilities, but a clear understanding from a single weakness of how far an attacker could penetrate, what they could gain, and the impact on business operations.”

It also highlights 24/7 SOC capability as a defensive layer to reduce detection gaps. As attackers increasingly “log in” rather than “breach,” the value of SOC is described as continuous monitoring of abnormal behaviors to detect issues early—before an incident becomes a large loss.

Connecting assessment, testing, and monitoring into an action plan

To support a clearly defined action plan, the article describes CMC Cyber Security’s approach of linking security assessment, Pentest, vulnerability assessment (VA), and 24/7 SOC into a single chain of actions. The goal is to help businesses identify which weaknesses to address first, which attack paths to block, and which areas require continuous monitoring.

The article states this capability is supported by nearly 20 years of cybersecurity experience. It also notes that, in the monitoring layer, CMC Cyber Security deploys SOC across multiple platforms using homegrown technology combined with solutions from global partners. In the testing layer, it says CMC Cyber Security’s CREST membership strengthens practical capabilities in simulating attack scenarios and evaluating weaknesses, including OT and IoT environments—systems described as increasingly targeted by attackers.

Learn more at https://cmccybersecurity.com/.