The National Cyber Security Agency (NCSA) is focusing on implementing a proactive approach by improving critical infrastructure capabilities and lifting the public's cyber-immunity and cybersecurity awareness.
In fiscal 2024, the agency only has 70 million baht to spend over eight months because of the delayed budget allocation, said AVM Amorn Chomchoey, secretary-general of NCSA, in a group interview.
The 2024 expenditure budget bill is awaiting vetting by the parliament.
The agency wants to emphasise preventive measures in the near term, improving critical infrastructure through risk management, protection, monitoring and incident response preparedness, he said.
"We'll focus on three areas: cybersecurity attacks, such as denial of service and ransomware; online fraud; and cyber-wellness, meaning how to identify misinformation," said AVM Amorn.
Online fraud related to investment in cryptocurrencies resulted in much damage recently, while other kinds of online fraud could cost victims their lives, he said.
NCSA prioritises protecting organisations that have critical infrastructure, said AVM Amorn, with disciplinary and administrative punishment dispensed to leaders of organisations that are unprepared to deal with cyber-risks.
"We need to make enforcement more stringent after educating and preparing people, processes and technologies the past two years," he said. "We'll arrange cyber drills to evaluate their readiness. We're lucky we have not faced attacks on a national level yet, but we need to be ready."
The agency believes the healthcare system has improved readiness to deal with cyberthreats such as ransomware, while schools and universities are still unprepared.
NCSA supports the government's "Cloud First" policy and wants to raise awareness and understanding of secure service standards among cloud users.
Cloud users must also have their own cybersecurity systems in place to protect their organisations, conducting penetration testing, said AVM Amorn.
The agency wants to discuss with the permanent secretary of higher education, science, research and innovation a plan to include cybersecurity knowledge into the school health curriculum, as well as lessons on cyber-wellness, how to create a secure password and avoid cyber-bullying, he said.
In the US, cyber-wellness is taught in grade 3, but AVM Amorn said in Thailand it might be done in secondary schools.
NCSA also wants to encourage cybersecurity coursework in universities, creating a network with employers for related job opportunities, he said.
The agency started a curriculum with Khon Kaen University and expects to have 10 universities follow suit, said AVM Amorn.