Professional targeted attacks, including on industrial and critical infrastructure, are global cyberthreat trends, while the use of operational technology (OT) in Thailand needs to be more secure in this connected world, said Eugene Kaspersky, chief executive of global cybersecurity firm Kaspersky.
"We observe that highly complex, professional attacks have become massive in scale," Mr Kaspersky said at the Cyber Immunity for a Secure Digital World seminar on Thursday, organised by Thailand's National Cyber Security Agency (NCSA).
He said the top targets are the industrial, government and financial sectors. The attackers are focusing more on targeted industries that have deployed OT-connected machinery and the critical infrastructure.
OT refers to companies' use of hardware and software to control industrial equipment.
Kaspersky's detection systems discovered an average of 400,000 new malicious files daily worldwide in 2022, demonstrating a 5% jump when compared to 2021. In total, 122 million malicious files were detected last year, 6 million more than during 2021.
According to Kaspersky, Thailand demonstrates some interesting numbers in terms of its OT systems. For the major malware types, percentages in the country are slightly lower or almost equal to the world average. But the percentage of OT computers on which malicious documents and viruses were blocked in Thailand last year was noticeably higher than the global average.
Eugene Kaspersky, CEO of Kaspersky, shares his insights with the NCSA.
As malicious documents are most often delivered via phishing attacks, the firm suggested anti-phishing protection improvement in the country, from the perspective of technical measures as well as general security awareness and security culture.
Among the country's industrial organisations, Kaspersky sees higher risks of supply chain attacks that need to be mitigated.
Although far from being the world's most cybersecure country, Thailand does perform well in comparison with other countries in the region. Four major issues that need to be addressed are phishing, unprotected OT computers spreading viruses and worms, noticeable risk of ransom attacks inside the OT perimeter, and a high risk of supply chain attacks because OT engineering and integration systems are highly exposed to cyberthreats.
To deal with the cybersecurity challenge, the company recently introduced "Kaspersky Cyber Immunity", which is an approach trademarked in both the US and EU.
It represents a secure-by-design system that affords creating solutions that are virtually impossible to compromise and that minimise the number of potential vulnerabilities.
AVM Amorn Chomchoey, secretary-general of the NCSA, said the agency plans to sign a memorandum of understanding with Kaspersky for training and collaboration in the field of threat analysis.
The NCSA found 551 critical cyber-attacks from Oct 1, 2021 to Sept 20, 2022, including attacks on government agencies and important organisations. Website hacks were the most common form of cyber-attacks, accounting for two-thirds of the total detected in Thailand.
The education and healthcare sectors had the highest number of cyber-attacks as they have a large number of websites and systems to manage, and they rely heavily on their websites to communicate with the public.