Thailand advised to take proactive cyberlaw stance
Thailand needs to establish cybersecurity and data protection laws in order to tackle the surge in more sophisticated cyberattacks, says DellEMC, a leading information management firm.
Most countries have already endorsed privacy protection laws, but Thailand has yet to do so, said P K Gupta, global presales leader for data protection solutions for DellEMC. He suggested laws that balance data protection for citizens and flexibility for businesses,
However, he added: "The growth of cybercrime worldwide has encouraged the country to initiate a national cybersecurity agency to tackle the incidents that impact organisations."
WannaCry, a recent ransomware attack on computers in 150 countries within a short period, is an example of the looming possibilities of serious cybersecurity crime. Statistics say every second, 19 personal identity or details are stolen online globally, with 1.5 million records exposed in 2015. There are over 1 million daily cyberattacks, and almost 500 new malware threats every minute.
By 2020, it is predicted that 60% of digital businesses will experience a major service failure because of IT security risks.
According to Osterman Research August 2016, ransomware and other types of data breaches will cost US$3 trillion (102 trillion baht) by 2020 from $450 million in 2016. Last year, there were 4,000 daily ransomware attacks, from 1,000 in 2015, resulting in revenue losses for one third of these businesses. Healthcare and financial services have become the most common target for ransomware attacks.
Thailand also needs to consider implementing a national data recovery system, a backup system that supports data most critical for the country, separate from the data protection system, which countries like India and Australia have invested in, said Mr Gupta.
Australia has appointed a cybersecurity ambassador to streamline cybercrime cooperation with other countries.
Mr Gupta also suggested that Thailand set up rules for cross-border data transfer.
In Europe, the newly appointed General Data Protection Regulation (GDPR), which will replace the EU's Data Protection Directive from May 25, 2018, not only affects Europe but also countries that deliver products and services to EU countries.
Under GDPR rules, customers have a right to command businesses to wipe out their personal data if they are no longer customers. Businesses violating the requests can be fined up to €20 million (763 million baht) or 4% of annual turnover.