National Cyber Security Agency (NCSA) vows to execute stricter enforcement of disciplinary and administrative measures on organisations which have critical information infrastructure (CII) that fail to comply with a minimum cybersecurity standard, while outlining its proactive strategy to enhance its critical infrastructure protection, promote the cybersecurity career sector, and bolster the public's cyber immunity.
"We'll focus on inspecting and implementing measures to prevent and manage risks of aII organisations' critical infrastructure," said Air Vice-Marshal Amorn Chomchoey, the NCSA secretary-general.
The NCSA's primary focuses are the adoption of a comprehensive approach of cybersecurity by emphasizing proactive protection and total defense, aiming to minimize the impact of cyber threats and enhance preventive measures.
"The critical infrastructure is a key area of concern, necessitating risk management, protection, continuous monitoring, and incident response preparedness," said AVM Amorn.
The agency's strategy focuses on three key areas. The first one is on cybersecurity attacks including thwarting denial of service and ransomware attacks that could disrupt essential services.
The second area is the online fraud which poses significant threats, particularly the deception of victims to invest on cryptocurrencies, which can result in substantial financial losses.The agency also focuses on the common online fraud activities such as fraudulent online lending and online sales scams.
The third area is the cyber wellness by educating the public how to identify misinformation and stay safe in the digital realm.
RAISING DEGREE OF ENFORCEMENT
The NCSA's top priority is safeguarding critical information infrastructure organizations. In this 2024 fiscal year, the agency plans to be more stricter in implementing disciplinary and administrative measures on these organisations which fail to meet cybersecurity readiness standards.
NCSA has focused on providing education and preparation of the critical information infrastructure organisations in the past two years. It has also conducted cyber drills to assess their readiness and to ensure that their critical infrastructure remains secure. Therefore, it is time to enforce stricter measures on those organisations which are still not ready to deal with the cyber risks.
While Thailand has never been faced a national-level service disruptions from cyberattacks, the NCSA recognizes the need for preparedness to deal with the critical cyber risk. Notably, the healthcare sector has improved its readiness, following past incidents, such as ransomware attacks in public hospital.
However, educational institutions, including schools and universities, remain a concern due to their inadequate preparedness on the matter.
CLOUD FIRST SECURITY
Moreover, NCSA adopts a "Cloud First Security" approach, aligning with the government's cloud-first policy. The approach emphasizes that cloud service providers have to share responsibility on the security with their users or organizations.
Users are also encouraged to design their applications with security in mind and conduct penetration testing. Morever, they should choose cloud service providers that have security standard and consider an option to purchase managed cloud security.
At the bottom line, the organization needs to continue monitoring their operations and have incident response process as well as data back up, AVM Amorn added.
SHORTAGE OF WORKFORCE
AVM Amorn said currently only 0.5% of 460,000 government officers possessing IT capabilities, while private organizations also have high demand of IT and cybersecurity personnel to serve their digital transformation.
The country needs to increase cybersecurity skill to serve overall industry needs, he added.
"Our goal is to increase workforces of cloud security and cloud engineers, aiming to build cloud security experts of at least 10,000 by 2024 through partnership," said AVM Amorn.
In an effort to foster a cyber-secure environment for the youth, the NCSA is in discussions with the Permanent Secretary of the Ministry of Higher Education, Science, Research, and Innovation to introduce cybersecurity knowledge into the health subject curriculum.
The initiative aims to educate students about cyber wellness, secure password practices, and the avoidance of cyberbullying. The agency wants to seek cabinet approval to promote this subject on a nationwide level.
AVM Amorn said the US begins teaching cybersecurity in primary schools. Thailand is considering introducing it at the secondary level.
The NCSA is also working to introduce cybersecurity courseware in universities and foster collaboration with employers to create job opportunities. The collaboration has already begun at Khon Kaen University and the agency aspires to expand the collaboration to involve ten universities.
Its partnerships with industry leaders like China's tech giant Huawei are anticipated to result in 1,000 cybersecurity graduates per year, addressing the industry's labor shortage.
"We committed to strengthening cybersecurity at all levels, from students to workers, by facilitating reskilling and relearning, especially in cybersecurity careers like white hat hacking, and cybersecurity monitoring," said AVM Amorn.
CONTEST FROM NCSA & HUAWEI TO CREATE INSPIRATION
AVM Amorn said apart from educational system, NCSA collaborates with global leaders, such as Huawei Thailand to organize competition events to foster cybersecurity knowledge.
The events inspire IT workers to upskill and reskill and raise public interest in this field and navigate people to enter in these career path, he added.
He said that this year Thailand Cyber Top Talent is the NCSA’s key activity where 2,323 young IT talents battled it out in Thailand’s largest cybersecurity showdown. The competition event has been co-hosted by NCSA and Huawei Thailand for 3 years. It is aimed to foster knowledge in the field of cybersecurity, online threats, and serve as a platform for individuals to enhance their skills, ultimately boosting their proficiency in this critical domain.
Moreover, it will organize Women: Thailand Cyber Top Talent 2023 in collaboration with Huawei Technologies (Thailand) Limited in December this year as a continuation from the Women: Thailand Cyber Top Talent 2022, aimed at empowering female students, scholars, and the general public to learn, enhance skills, and develop experience in becoming professionals in the field of cybersecurity.
This initiatives seek to build a cybersecurity workforce within organizations and the public, and promoting equal rights for women to express their full potential. For Huawei, it is committed to supporting Thailand’s digital transformation by prioritizes the nurturing of local IT talents. Huawei recognizes the critical role of cybersecurity workforce and closely collaborates with partners in government sector to enhance knowledge in online security. This is in line with Huawei’s “Grow in Thailand, Contribute to Thailand” mission, aiming to cultivate a new generation of skilled professionals to ensure Thailand's cybersecurity readiness.
In addition, NCSA also partners with Pramahataisuksa School to train disabled students on cybersecurity knowledge and organize cybersecurity contests for them.
"Our goal is provide equality to everyone and build cybersecurity workfoce for the industry while working with communities and partners to widen employment opportunity and career path to serve those workforces," AVM Amorn said.
AVOIDING FRAUDSTERS
AVM Amorn said that the online scam is a global problem. In the US, since 2021, Americans lost US$2.7 billion in scams from social media, according to the Federal Trade Commission.
Victimization by scams and fraud is a complex issue, caused by the interactions between potential victims and fraudsters.
AVM Amorn cited a research surveyed 1,408 Americans and Canadians who were targeted by scams and reported a scam.
The findings revealed that nearly half did not engage with the fraudsters and consequently were not victimized.
Thirty percent engaged with the scam but did not incur financial losses, while 23% engaged with scammers and ultimately lost money.
"Not engage in conversation with strangers will help avoid being victimized."
It was also found that prior knowledge of scams and fraud can reduce susceptibility, highlighting the importance of public awareness and education.
"This underscores the significance of proactive measures in enhancing cybersecurity and protecting individuals from financial harm," said AVM Amorn.
