Fortinet: Government being proactive on cybersecurity
Public sector at risk due to systematic weaknesses, says Rattipong Putthacharoen.
The rise of cyberthreats is setting off alarm bells among state and local governments, forcing them to pay attention to the problem and invest in cybersecurity measures, says Fortinet Thailand, a local unit of the US cybersecurity firm.
"State and local governments are seen moving towards investment in cybersecurity measures due to the rise of attacks and they are among attackers' top targets," said Rattipong Putthacharoen, senior manager for systems engineering at Fortinet Thailand.
According to the "2020 Verizon Data Breach Investigations Report", ransomware is the most common cyberthreat for the public administration sector in the US, with 61% of ransomware attacks being malware cases.
In Thailand, a public hospital was hit by hackers in September in a data ransom situation.
According to Fortinet, for ransomware attacks in the first half of this year globally, the government sector was ranked fourth in terms of attacks with 13.5% of the total, trailing the education sector in third place with 13.9%.
The top two were the telecom sector and security service providers with 20.3% and 15.8%, respectively.
The public administration sector faces challenges in addressing security issues since agencies and departments usually have their own data storage, which is difficult to control in a systematic manner, Mr Rattipong said.
Meanwhile, the increasing use of multi-cloud, Internet of Things (IoT) and Software as a Service (SaaS) also brings further exposure to security threats.
Government agencies have to work to comply with the Cybersecurity Act to ensure cyberprotections in connection with security operation centres, access control as well as email and application security.
Fortinet has technology and guidelines that can assist the government in identifying risks, detecting threats, responding to incidents as well as protecting and recovering data, he said.
The company works in compliance with the US's National Institute of Standards and Technology Cybersecurity Framework -- the best practice for critical infrastructure.
According to Mr Rattipong, with the Personal Data Protection Act being fully implemented in June next year, there is still concern about data classification as some large organisations may need at least six months to adapt to the law due to huge volumes of data.
"We have guidelines and technological tools for data loss prevention and access control as well as encryption," he said. "Compliance is a critical part of cybersecurity strategy."
With the rise of telework adoption in the wake of the pandemic, stringent verification and minimum privilege for access are needed, said Mr Rattipong.
Amid the proliferation of multi-cloud adoption, there is a need to draw up security policy and improve workforce skills in this area, he said.
As the government is focusing on government cloud services in line with its 20-year digital roadmap, which started in 2017, it needs to set out a clear security policy and liabilities for cloud service providers, said Mr Rattipong.