Compared with other countries across Asean, Thai corporations experienced the least number of disruptive attacks in the region during the past year, with 22% of organisations reporting an increase in incidents of 50% or more, according to global cybersecurity firm Palo Alto Networks.
Cybersecurity continues to be a top priority for businesses in Thailand to deal with increasingly sophisticated threats, according to a survey on the state of cybersecurity in Asean.
Malware is a top concern for 60% of organisations in Southeast Asia and 57% in Thailand, the survey found.
The survey was conducted online in April among 500 corporate IT decision-makers and business leaders across five key industries: services (banking, financial), government/public sector/ essential services, telco/tech/communications, retail/hotel/food and beverage, transport and logistics, and manufacturing.
There were 100 respondents each from Singapore, Malaysia, Indonesia, the Philippines and Thailand.
Tatchapol Poshyanond, country director, Thailand and Indochina of Palo Alto Networks, said Thai organisations faced three main cybersecurity challenges, including unmonitored Internet of Things (IoT) devices and unsecured IoT devices (54% of respondents), the need to procure a wider array of cybersecurity solutions (47%) and an increase in digital transactions with third parties (47%).
The attacks of most concern to Thai organisations are malware (57%), account takeover (57%) and password attacks (53%).
Mr Tatchapol said the study found that Thai corporates experienced the least number in terms of cybersecurity risk exposure. Only 37% of organisations in Thailand perceive a high or very high risk of cyberthreats, the lowest in Asean.
Among businesses that were confident about tracking cybersecurity breaches, 22% claim the number of disruptive attacks has increased by more than 50%.
However, Mr Tatchapol added that the lower number of disruptive cyber-attacks in Thailand compared to other Southeast Asian countries was based on the respondents' perception. It does not mean they should be comfortable with the results of the survey.
"Cybersecurity still needs to be at the top of the minds of management, as threat actors continue to evolve in their tactics and sophistication," he said.
The survey noted that 38% of local organisations reported that cybersecurity is discussed at the board level on a monthly basis.
Furthermore, 49% of the respondents in Thailand have increased their cybersecurity budget due to optimising operations (54%), new or changing regulations stemming from data privacy laws (44%), increasing digitisation (37%) and the changing threat landscape (37%).
Mr Tatchapol said the top three cybersecurity strategies in Thailand include securing IoT/OT (43%), revamping threat detection and correlation systems/platforms (40%), identity and access management (38%) and security orchestration, automation and response (SOAR) strategies for the security operation centre (38%).
"Attack surfaces continue to expand with digital transformation. This is particularly apparent in industries such as the banking and financial sector, for which digital transformation is always expected, and competition is fierce," Mr Tatchapol said.
Organisations in Thailand, including those in the banking and financial industry, need to build robust IT infrastructure in order to ensure their readiness to tackle various security vulnerabilities, he said.