Thailand could face a loss of 286 billion baht from cyber-attacks unless it has proper mechanisms and standards in place to guard against the threats, says Fortinet Thailand, a local unit of the US cybersecurity firm.
The firm also suggests businesses gear up to comply with the Personal Data Protection Act (PDPA), which is scheduled to be fully enforced in June of next year, as part of the measures to prevent data breaches amid a surge of ransomware attacks.
"The pandemic has increased cyber-risks following digital transformation by organisations that have become exposed to attacks through cloud usage, high-speed 5G internet connection and working from home," Rattipong Putthacharoen, senior manager for systems engineering at Fortinet Thailand, said via a virtual media briefing.
Citing an IDC InfoBrief entitled "Stop Reacting, Start Strategising", he said cyber-attacks could cost 286 billion baht in damage to the country's digital landscape if no proper mechanism and standards are put in place. IDC is a major provider of global IT research and advice.
Last September, Saraburi Hospital said its computer system was attacked by ransomware. The event sparked concerns about cyberthreats to key infrastructure in the country.
Following the event, the Public Health Ministry spent US$61 million (1.98 billion baht) to safeguard state-run hospitals nationwide.
According to IDC's Asia/Pacific Digital Resilience Scorecard, only 6.7% of organisations surveyed in Thailand said they have a robust approach to cybersecurity. Some 63% said they have a basic portfolio of tools and 3.3% indicated they have sophisticated systems in place to guard against cyberthreats.
IDC suggests existing corporate networks are a top concern for cyberthreats among organisations surveyed in Thailand at 38%, followed by industrial control systems and critical infrastructure (34%) and robotics for manufacturing and supply chain operations (34%).
"As Thailand has postponed the full enforcement of the PDPA, organisations must be prepared with adequate measures to comply with the law to help prevent data breaches," said Mr Rattipong.
Citing the latest FortiGuard Labs Global Threat Landscape Report in the first half of this year, he said ransomware attacks surged 10-fold year-on-year globally.
Nemocod and Locki ransomware groups are very active, while Bangkok Airways was recently hit by a ransomware attack.
In Thailand, more than 18,000 remote desktop systems are connected to the internet and phishing and botnet attacks are the most prevalent, said Mr Rattipong.
Based on an IDC Asia Pacific CxO (chief exponential officers) study in 2021, cost reduction and optimisation topped business priorities at 63%, followed by efforts to build business resilience and mitigate risk at 60.9%. In terms of top tech priorities, focus on security technologies to reduce risk was only 32.6% and efforts to accelerate the shift to the cloud was 26.1%.
There is a misalignment of business priorities and security technology emphasis, he said.