Firm warns of local critical infrastructure threats
Critical infrastructure (CI) attacks, data protection and mobile application vulnerability are high security threats in Thailand, says a global cybersecurity firm.
"CI attacks are a serious concern and drive cybersecurity investment in Asia-Pacific and Thailand," said Kevin O'Leary, chief of security for Asia-Pacific of Palo Alto Networks, a US-based cybersecurity firm.
CI threats are rising because of higher numbers of connected Industrial Internet of Things in the smart grid, connected medical devices and smart connected vehicles.
If the system cannot be recovered in time from a CI attack, that's not just an inconvenience, it means people's lives, he said.
"The Thai government needs a backup plan for recovery from CI attacks and to develop preventive security measures," said Mr O'Leary.
Cybersecurity is not just technology, but requires training, legislation and regulatory compliance. Business needs to evaluate what data and operations are most important or attacks will affect their businesses and disrupt operations.
Thitirat Tongtavorn, country manager of Thailand and Indochina for Palo Alto Networks, said power and utilities are the CI in which the government should invest in cybersecurity systems in 2019.
CI attacks raise awareness of supervisory control and data acquisition, as industrial systems are critical in energy, water and public transport systems.
"Previously cybersecurity investment was mainly in the financial segment, but now there are more CI agencies," said Ms Thitirat.
Mr O'Leary said data protection legislation has gained ground in Asia-Pacific and Thailand, in particular after the EU's General Data Protection Regulation and data sovereignty, keeping personal information identification and critical information infrastructure local in order to protect personal data.
"Data sovereignty is good for citizens, but for private business, it might be difficult for operation with cross-border data transfers and the constraints of adoption of data analytics/machine learning, as these might breach data sovereignty," he said.
Companies should embrace two-factor and multi-factor authentication, including biometrics, said Mr O'Leary.
Supply chains will continue to be the biggest link for cybersecurity in 2019, as manufacturing processes cross countries, connecting third-party networks to business systems.
Security should ensure network traffic for sensitive information is run separately from external devices and systems.