Cyberattack system gets standardised
A “national single cybersecurity standard system” has been created by the government in a bid to tackle the threat of increasingly sophisticated cyberattacks on state agencies and businesses.
With the cooperation of 18 state agencies and associations, the single standard system will be managed and operated by the Electronic Transactions Development Agency (ETDA).
A pool of cybersecurity professionals across all industries will soon be set up to help develop comprehensive cyberattack scenarios and cyberdefence solutions.
ETDA chief executive Surangkana Wayuparb said the number of cyberfraud incidents has surged substantially, especially in the financial, investment, e-commerce, insurance and telecom sectors.
“A single cybersecurity standard system will help the country deal with cyberattacks more efficiently,” she said.
A slew of cybersecurity measures and joint development initiatives will be put in place, including technology transfer, surveillance systems, information exchange, human development of cyberexperts, and information management.
Thailand saw 4,300 cyberattack incidents last year, up from 3,300 in 2014.
The government, through ETDA, is seriously counteracting both external attacks and internal frauds that are increasingly advanced and sophisticated.
In a 2015 cybersecurity survey conducted by the ETDA among 113 participants from state agencies and private companies, 87% of respondents said they had experienced a loss from a cyberattack. Some 8% said they were not sure whether they had been attacked, while 3.5% of respondents said they did not have the skills to understand cyberthreats. The rest said they had never been attacked.
The survey also reported the causes of attacks on state agencies, saying 69% came from state officials who lacked cybersecurity literacy.
Some 59% stemmed from installing malware that made state computer systems vulnerable; 35% were because they had no proper measures to tackle cyberattacks; and 26% were attributed to IT staff at state agencies who lacked sufficient cybersecurity skills.