Cyber Security Landscape and Research

Cyber Security Landscape in Thailand

Overview

  • Discussion led by Assoc. Prof. Dr. Sirapat Boonkrong at Suranaree University of Technology.

  • Key sectors covered: Cyber Security Problems, Market, Research, and National Cyber Security Agency.

Major Cyber Attacks in Thailand

  • September 2021: Bhumirajanagarindra Kidney Institute.

    • Incident: Remote hacking targeted patient data.

    • Data compromised: Dialysis details and X-rays.

  • April 2018: TrueMove H Data Breach.

    • Incident: Customer data leaked on Amazon Web Services.

    • Data compromised: ID cards, driving licenses without protection.

  • September 2020: CP Freshmart Customer Data Theft.

    • Incident: Personal data stolen and sold online.

    • Data not compromised: Financial information.

  • October 2021: Saraburi Hospital Ransomware Attack.

    • Impact: Ransomware compromised patient data retrieval despite backups.

  • January 2021: 3BB and MONO Data Breach.

    • Incident: Hackers demanded $550,000 for stolen data; company reinforced cybersecurity.

  • February 2022: TCAS Student Data Leak.

    • Incident: Over 23,000 student records sold on the dark web.

  • August 2021: Bangkok Airways Ransomware Attack.

    • Incident: Lockbit ransomware affected company information systems.

  • March 2023: 9near Hacker Incident.

    • Impact: Personal data of 55 million Thai citizens sold online.

Current Cyber Security Issues

  • Cyber Attack Statistics: Thailand faces over 800 weekly cyber attacks, indicating a higher rate than the global average.

  • Types of Attacks: Phishing, identity theft, ransomware, IoT attacks, and patching vulnerabilities prevalent.

Statistics (2023)

  • Attacked Organizations:

    • Education: 746

    • Government: 538

    • Banking: 209

    • Health: 89

    • IT & Telecommunications: 82

  • Total Cyber Threats:

    • Major threats include phishing, ransomware, and web defacement.

Legislative Framework

  • Digital Laws History:

    • 2002: Electronic Transactions Act.

    • 2007: Computer Crime Act defined computer-related crime and authorized investigations.

    • 2016: Digital Development for Economy and Society Act established DEPA.

    • 2020: National Cyber Security Act set rules to handle cyber threats.

Cyber Security Agencies

  • National Cyber Security Agency (NCSA):

    • Roles include policy recommendations, threat monitoring, and training personnel.

Cyber Security Capability Development

  • Activities aimed at enhancing cybersecurity officer skills and awareness training.

  • Research institutions’ work on minor errors, vulnerabilities, and incident responses.

Future Directions

  • Upcoming focuses on the cyber threat landscape, particularly in a post-quantum era, and advancing cyber security measures.

  • Plans to enhance strong password policies and user education in security practices.

Research Interests of Dr. Sirapat Boonkrong

  • Focus Areas:

    • Authentication, Cryptography, Protocol Design, and Cyber Security Strategies.

Conclusion

  • The landscape of cyber security in Thailand is dynamic and evolving, with a significant emphasis on legislative, educational, and practical measures to combat increasing cyber threats.