Cybersovereignty, data governance, identity-centric security and data privacy compliance are among key security and privacy features that should come under spotlight this year, according to a cybersecurity pundit.
Prinya Hom-anek, a member of the National Cyber Security Committee, told the Bangkok Post information in social media is soft power that can influence people's views.
As Thailand does not have its own social media platforms, it is difficult to regulate them, which "takes a toll on the country's cybersovereignty," he said.
Without proper cyberliteracy and immunity, people are at risk of being "victimised by information operations or propaganda through social media," he said.
Social media and artificial intelligence have the ability to feed information that fits user preferences and users may receive information with only half-truths, he said.
Digital literacy and digital immunity for citizens need to be scaled up and the country should also build its own digital platforms, which could help ensure data sovereignty and ward off manipulation, Mr Prinya said.
Cyber and data sovereignty need to be underscored and discussed at the national level so as to fend off national security threats, he said.
Critical infrastructure needs to be secured as the country stands among the top five targets of cyberattacks in Asean.
Mr Prinya said the government needs to play a role in pushing for domestic digital platforms while collecting value-added taxes from foreign platforms.
The country could face 286 billion baht in losses from cybersecurity attacks if it fails to put proper preventive measures in place.
Data governance also needs to be underscored as businesses have to manage, use and protect their data regardless of whether it is stored in premises or outside facilities.
Thais need to attach importance to identity-centric security by adopting two-factor authentication (2FA), or two-step verification, to access online services and ward off security threats.
People's digital footprints through online channels could be used by digital platforms to feed advertisements to them or boost their experiences, and this is a challenge for personal data privacy protection, he said.
Security needs to be integrated by design, development and operation.
Mr Prinya said enterprise data leaks could be more common due to the proliferation of connected device usage and cloud adoption, which could pose security challenges.
Businesses, individuals and company employees authorised to make payments are at risk of falling prey to cyber-attackers, who use social engineering to gain access to victims' devices and make money transfers.
The compliance with the Personal Data Protection Act (PDPA), scheduled to be fully implemented in the middle of this year, is necessary to ward off risks of exposing digital footprints, he said.
He said AI with ethical use needs to be underscored, adding AI was found to have been misused as propaganda tools or employed for unlawful activities.
The final trend concerns cyber-insurance, which is likely to become mandatory among enterprises this year.
"It is impossible to avoid cyber-attacks but firms can minimise losses through insurance and improve cyber-incident responses," Mr Prinya said.