The National Cyber Security Agency (NCSA) says it will collaborate with the Office of the Personal Data Protection Committee (PDPC) to safeguard critical information infrastructure (CII) and prevent data leaks, including opening a single channel to receive notifications about cyber-incidents.
Both agencies will also work with universities to provide cybersecurity and privacy courses to equip the younger generations with such knowledge.
"We want deeper collaboration between the agency and the Office of the PDPC to streamline the process of receiving incident notifications through a single contact [at NCSA]," said AVM Amorn Chomchoey, secretary-general of NCSA.
He was speaking at a recent seminar titled "Cyber Elite Day", held by Cyber Elite, a subsidiary of digital solutions provider Benchachinda Group.
According to AVM Amorn, this year the country has faced major data leaks involving hospitals and high-profile cyber-attacks, as well as the sale of personal data to scammers, which highlights the importance of cybersecurity and personal data protection.
Most of the cyber-attacks entail data leaks where personal data could be misused.
In cases where personal data is leaked, NCSA will pass the information to the PDPC to streamline further steps to deal with the issue.
The Personal Data Protection Act (PDPA) mandates organisations handling personal data report leaked data within 72 hours of the attack taking place.
Quickly notifying the PDPC will help reduce the scale of the impact as the fast spread of rumours about data breaches could potentially spark panic, he said.
Both regulators will support cybersecurity and privacy courses at universities to ensure the new generation of workers is equipped with the necessary skills and knowledge, AVM Amorn said.
In 2023, cybersecurity will gear towards risk-based management with preventive measures, he said.
More investment in CII-related cybersecurity can be expected as the Cybersecurity Policy and Operation Plan (2023-27) is to be enacted soon, AVM Amorn said.
Siwaruk Siwamogsatham, the new secretary-general of the PDPC, said during the first year of the PDPA's enforcement starting from June this year, the agency will not resort to punishment, instead giving warnings and employing a reconciliatory approach in response to violations.
Early next year, any judgements regarding violations would set precedents for other cases, he said.
The PDPC has two subcommittees in finance and digital technology fields.
"We have received a lot of complaints despite having no official channels or processes to receive them," said Mr Siwaruk.
Referring to cybersecurity trends in Thailand next year, Supakorn Kungpisdan, managing director of Cyber Elite, said local organisations will invest more in technologies to prevent cyber-attacks, in line with their risk acceptance level in what is called "risk-based management".
A cyber-risk dashboard will be adopted to view security risk postures and cyber-risks, he said.
Mr Supakorn said Cyber Elite will launch its first dashboard product, called Oversight, by the second quarter.
Supply chain attacks are another trend as attackers are exploring vulnerabilities in third parties.
He suggested organisations conduct cyber-incident drills for various scenarios, such as malware and ransomware attacks, while integrating internal communications from IT and security teams to decision makers.
Organisations need to have security checklists and pursue continued monitoring, said Mr Supakorn.
He said cloud security is increasingly important as there are many new cloud native applications now.
"We will provide cloud workload security migration services to meet demand," said Mr Supakorn.
Vichai Bencharongkul, president of Benchachinda, said cybersecurity is becoming more important and that is why the company spun off its cybersecurity business to concentrate on the issue.
The company has a decade worth of expertise in cybersecurity.
"Our goal is to export our services to Asean countries," said Mr Vichai.
