For better cybersecurity, ‘Thailand needs better cyber hygiene’

Once people learn more about cyber hygiene, just as how they learned more about Covid-19, they will be more careful and better protect themselves against the threats.

“Cyberthreat has become a part of everyday life, so everyone has to learn how to live with it safely. We have to understand it, as we cannot avoid it,” Teerawut told The Nation during the Kaspersky Security Analysis Summit 2023 (SAS 2023) in Phuket.

Cybersecurity threats in Thailand are of concern, at both the organisational and individual levels.

Teerawut explained that most websites and networks in Thailand, when it was first built, were focused more on functionality and not much on security. The NCSA is trying create a standard measure for security, Teerawut said. On the individual level, he believes, that once people are more aware of the issue, their behaviour would change, and that would also help with security at their workplace as well.

Team sport

The NCSA is currently working with several organisations, foreign and Thai, from both public and private sectors. “Since being established two years ago, we have signed 14 MoUs [memorandums of understanding], and many more are in the pipeline,” Teerawut said, adding that cybersecurity issues needed everyone’s help.

“The British said it needs a whole society approach, while Singapore said it’s a team sport," he said.

If an organisation has a great security system, but there is one weak link, just one employee who lets malware in or gives out sensitive information, then the whole system becomes vulnerable, Teerawut explained.

The deputy also said on the SAS stage that when cooperating with foreign organisations, many different methods and issues would be proposed. The best thing to do is work on the common areas and keep the differences away initially.

The NCSA also works closely with the Cyber Crime Investigation Bureau (CCIB) police. The NCSA focuses on prevention, and the CCIB focuses on suppression, investigation, and arrest. The CCIB has its own limitations, Teerawut said, adding that if the crime has not been committed, the police can’t take action.

Building capacities

The NCSA is working on creating more awareness among citizens, young and old. Cybercrimes happen to every group of people in society, but the ones that lose the most money are the seniors, he said.

There are initiatives with the Office of the Basic Education Commission and many universities to educate children in school. They also work with various organisations to share knowledge with the elderly.

Teerawut said that another challenge to cybersecurity in Thailand was the lack of manpower and experts. Thailand has to develop more human resources quickly and open more work opportunities to different groups in society. Teerawut explained that he had once worked with the Redemptorist Foundation for People with Disabilities in Chonburi province. He found many talented individuals with disabilities who didn’t have the opportunity to develop their skills or get a job in the cybersecurity field.

The cybersecurity officer compared the NCSA with Cassandra in Greek mythology. Metaphorically, Cassandra points to a person whose valid warnings or concerns are disbelieved by others. He said that when his unit gave out warnings on the foreseeable cyber dangers to various organisations, they were mostly ignored. Most actions, most funding, won’t happen until the threat or the attack becomes more evident. “They understand [the risk], but they need to put funding in other things first,” he lamented.

In addition to cyber literacy for citizens, the NCSA is also trying to improve the security standard for the organisation, creating what Teerawut calls “best practices” guidelines for security measures, especially for agencies that involve information infrastructure, such as banking services. “Stronger security measures, reduce chances of getting hacked,” he said.