Privileged Accounts are Sources of Vulnerabilities – Part 2

This is a continuation from a previous article – Privileged Accounts are Sources of Vulnerabilities – Part 1.

In the previous article, Mr Lavi Lazarovitz, CyberArk Research Lab Team Leader, explains that hacking privileged accounts are as easy as 1-2-3-4. As much as it is easy for the attacker to pry the system, plugging the loopholes is no easy feat.

Lavi illustrates an analogy for explanation. Try spotting a checkmate on a board with thousands of pieces on it. The pieces represent many machines, accounts, serverless functions. Moreover, there are different policies and permissions which are used. Spotting the checkmate isn’t a case of black and white.

Lord Over the Darkness

Developers and engineers have their hands tied in such circumstances. Flexibility in their work demands a greater number of permissions.

However, Lavi is insistent that we should not restrict developers. He said, “[Instead] we need to restrict the permissions and some combinations. Some combinations are super privileged. If we are assigning a developer privilege, then he should be assigned top privilege account. It comes with a lot of requirements and things to do to secure this account. This might be multifactor authentication, monitoring and password rotations.”

However, he believes it is not the responsibility of the cloud developer to regulate how services are offered.

“The organisation itself decides,” he suggests thoughtfully but adds a hesitant rejoinder, “It is hard to say.”

“The cloud developer allows the flexibility. It is the flexibility which allows organisations to drive innovation. This is really awesome – to launch a new machine in a couple of seconds with one line of code – this is great!

But it is the responsibility of the organisation to know who has this combination of privileges that might allow the user or the attacker to compromise the credentials.”

This is where human intelligence intervenes to discern the gaps and plug it. Drawing on his expertise, Lavi says developers are working on abnormality identifying – identifying the gap between what the user actually uses, and the set of permissions granted. Often, the developer is granted way more permissions than are needed. The enlarged attack surface gives the attacker enough wiggle room to exploit or leverage.

Cyberark on their part advices, and are working on, to whittle down the gap to the bare minimum.

“Minimise the gap surface as much as possible,” instructs Lavi. “This can be done by learning from logs and network activity of what the user actually does – in an automatic way.”

Kingdom Come

The opportunities as well as challenges in a digital future clearly abound. Cybersecurity will be on our radars and the process of erosion on privacy has already begun.

Lavi thinks that the current state of technology is not mature enough to suppress the extensive forces which seek to invade our privacy. When asked if technology and cybersecurity are at loggerheads, Lavi responded, “Of course, absolutely.” Digital transformation necessitates an exponential increase in attack surface.

However, it’s not all doom and gloom. For the rest who are without access to privileged accounts, we can minimally play close attention to how our data is managed and how we surf the net.

As the future of work entails working remotely, researchers are working to hedge threats which accompany it. A knight of valour in the cyberworld, Lavi reiterates that security is not something trivial. We must keep our guard up.

Strengthening Singapore’s Cyber Defence Landscape

Singapore’s Senior Minister of State for Defence, Heng Chee How, and Senior Minister of State for Communications and Information and Health, Dr Janil Puthucheary, recently visited the Critical Infrastructure Defence Exercise (CIDeX) 2023, underscoring the government’s commitment to fortifying national cybersecurity.

The exercise, held at the National University of Singapore School of Computing, witnessed over 200 participants engaging in operational technology (OT) critical infrastructure defence training.

Organised by the Digital and Intelligence Service (DIS) and the Cyber Security Agency of Singapore (CSA), with support from iTrust/SUTD and the National Cybersecurity R&D Laboratory (NCL), CIDeX 2023 marked a collaborative effort to enhance Whole-Of-Government (WoG) cyber capabilities. The exercise focused on detecting and countering cyber threats to both Information Technology (IT) and OT networks governing critical infrastructure sectors.

This year’s edition boasted participation from DIS, CSA, and 24 other national agencies across six Critical Information Infrastructure (CII) sectors. With an expanded digital infrastructure comprising six enterprise IT networks and three new OT testbeds, participants operated on six OT testbeds within key sectors—power, water, telecom, and aviation.

CIDeX 2023 featured Blue Teams, composed of national agency participants serving as cyber defenders, defending their digital infrastructure against simulated cyber-attacks launched by a composite Red Team comprising DIS, CSA, DSTA, and IMDA personnel. The exercises simulated attacks on both IT and OT networks, including scenarios such as overloading an airport substation, disrupting water distribution, and shutting down a gas plant.

The exercise provided a platform for participants to hone their technical competencies, enhance collaboration, and share expertise across agencies. Before CIDeX, participants underwent a five-day hands-on training programme at the Singapore Armed Forces (SAF)’s Cyber Defence Test and Evaluation Centre (CyTEC) at Stagmont Camp, ensuring readiness for cyber defence challenges.

On the sidelines of CIDeX 2023, the DIS solidified cyber collaboration by signing Memorandums of Understanding (MoUs) with key technology sector partners, expanding its partnerships beyond the earlier agreement with Microsoft earlier in the year.

Senior Minister Heng emphasised the importance of inter-agency cooperation, stating, “CIDeX is a platform where we bring together many agencies throughout the government to come together to learn how to defend together.” He highlighted the collective effort involving 26 agencies and over 200 participants, acknowledging the significance of unity in cybersecurity.

Dr Janil echoed this sentiment, emphasising CIDeX’s role in the Whole-of-Government (WoG) cyber defence effort. He remarked, “Defending Singapore’s cyberspace is not an easy task, and it is a team effort.”

He commended the strong partnership between the Cyber Security Agency of Singapore and the Digital and Intelligence Service, recognising the exercise as a crucial element in strengthening the nation’s digital resilience and national cybersecurity posture.

By leveraging collaboration, innovation, and a robust defence strategy, Singapore aims not just to protect its critical infrastructure but to set a global standard in cybersecurity practices.

CIDeX 2023 serves as a compelling embodiment of Singapore’s unwavering dedication to maintaining a leadership position in cybersecurity practices. This strategic exercise underscores the nation’s commitment to cultivating collaboration and fortifying its resilience against continually evolving cyber threats.

Beyond a training ground for sharpening the skills of cyber defenders, CIDeX 2023 encapsulates the government’s profound commitment to adopting a robust, collaborative, and forward-thinking approach to safeguarding the integrity and security of the nation’s critical infrastructure in the dynamic landscape of the digital age.

India’s Tech Evolution and Safe Digital Spaces

Union Minister of State for Skill Development & Entrepreneurship and Electronics & IT, Rajeev Chandrasekhar, spoke at two influential tech events: the Indian Express Digifraud & Safety Summit 2023 and YourStory Techsparks’23. His engagements centred around India’s technological advancements, regulatory policies, and the nation’s promising future in the global tech landscape.

At these tech summits, Minister Rajeev Chandrasekhar outlined India’s ambitious technological trajectory, reinforcing the government’s dedication to fostering innovation, ensuring a safe digital environment, and harnessing the transformative power of technology for the nation’s progress.

Minister Rajeev Chandrasekhar articulated India’s journey in artificial intelligence (AI) and emphasised the government’s commitment to fostering innovation and the startup ecosystem. He expressed the government’s profound interest in further boosting India’s burgeoning startup landscape.

Minister Rajeev Chandrasekhar noted India’s transition from an unrestricted, eternally optimistic view of technology and the internet to a more nuanced approach. He highlighted the government’s aim to strike a balance between fostering innovation and growth while guaranteeing distinct rights for digital citizens.

The Minister emphasised the evolution from the phase of transforming India to the concept of ‘New India’ and now envisions witnessing the emergence of ‘Viksit Bharat’. He expanded on India’s transformation which resonated with the Prime Minister’s vision to raise India to a developed nation status, aiming to elevate the nation to the position of the world’s third-largest economy.

Highlighting the government’s initiatives, Minister Chandrasekhar stated, “Our focus is on startups, innovation, and funding, creating a computing infrastructure. In January, Prime Minister Shri Narendra Modi agreed to establish a significant amount of GPU capacity in India for startups to access and bring forth their innovation and foundational models.”

He advocated for decentralising the startup landscape, encouraging the emergence of successful ventures from various regions across India. “We want unicorns and successful startups to come from Meerut, Ghaziabad, Kohima, Srinagar, Kottayam, Belgaum, Dharwad, Visakhapatnam, Nagpur, and beyond,” he asserted, confirming the nation’s commitment to fostering innovation in diverse cities.

Addressing concerns about internet regulation and safety, the Minister explained the government’s evolved approach, focusing on ensuring safety and trust for digital citizens while holding platforms accountable. He clarified that “safety and trust are not for the Government; rather, they are initiatives aimed at safeguarding the vast majority of Digital Nagriks”.

Reflecting on his participation in the UK AI Summit, Minister Chandrasekhar underscored India’s commitment to a safe and trusted internet, aligning with the government’s guiding principles since 2021.

“We want the internet to be safe and trusted; it is an article of faith. We also aim for platforms to be legally accountable,” he reiterated.

He highlighted the need to embrace AI’s potential while managing risks, warning against a narrative that diminishes its innovation. The Minister emphasised that avoiding the overshadowing of AI’s benefits by its perceived risks is crucial for the digital economy and the populace.

“We don’t seek to demonise AI; rather, it’s vital to maintain a balance so that the discourse on its risks doesn’t eclipse its potential advantages,” he explains, clarifying India’s approach to artificial intelligence.

OpenGov Asia provided coverage of India’s expanding global influence, highlighting the country’s leadership roles across diverse international platforms. Prime Minister Narendra Modi has introduced the Global Digital Public Infrastructure Repository (GDPIR) and a Social Impact Fund (SIF). The GDPIR will be used for sharing information and best practices and the SIF is designed to advance Digital Public Infrastructure (DPI).

He unveiled the schemes during the Virtual G20 Leaders’ Summit. Chaired by the Ministry of Electronics and Information Technology (MeitY), the G20 Digital Economy Working Group (DEWG) has played a key role in progressing the global DPI agenda.

Securing Vietnam’s Digital Future

In a significant move aimed at fortifying the nation’s technological landscape, the Vietnam Authority of Information Security (AIS) has underscored the non-negotiable nature of cybersecurity in the current digital landscape.

Emphasising the indispensability of robust cybersecurity measures, the AIS recommended stringent adherence to these protocols across agencies, institutions, and businesses. In today’s digital landscape, the confluence of telecommunications and IT has redefined the contours of security, compelling institutions and businesses to recalibrate their approach to information security.

Image credits: Vietnam Ministry of Information and Communications

A workshop dedicated to IT and information security held in Hanoi spotlighted the criticality of information security investment for the digital future. A collaborative effort between AIS, Viettel Cyber Security, and IEC Group, the summit aimed at empowering institutions and businesses to proactively anticipate risks and navigate confidently through the complexities of the digital landscape.

Highlighting the severity of the situation, Nguyen Son Hai, CEO of Viettel Cyber Security observes that the digital transformation wave brings a torrent of information security risks. Viettel Threat Intelligence, for instance, reported 12 million hacked accounts within Vietnam, with 48 million data records compromised and traded in the cyberspace market. Moreover, the stark reality is that numerous entities remain unaware of being under cyberattack.

Financial fraud looms large on this precarious horizon. An alarming revelation showcases the exploitation of 5,800 domain names masquerading as commercial banks, e-wallets, manufacturing firms, and retail giants, posing a severe threat to users’ assets through deceitful means.

Ransomware, an escalating menace, presents formidable challenges to organisations and businesses. Its disruptive potential can cripple entire operations, with cybercriminals extorting exorbitant sums, sometimes reaching millions of dollars, from their victims.

Nguyen Son Hai highlighted the 300 GB of encrypted organisational data published on the Internet, indicating that the actual figures are likely higher, underlining the gravity of the situation.

Tran Dang Khoa from AIS stressed the perennial existence of information security risks, underscoring the urgent need for effective solutions. He outlined five pivotal criteria for cybersecurity solutions: legality, effectiveness, appropriateness, comprehensiveness, and a crucial emphasis on utilising solutions originating from Vietnam.

The paramount importance of legal compliance within cybersecurity frameworks cannot be overstated. Organisations providing online services bear a heightened responsibility to ensure compliance, as information security is mandated by law. Straying from these regulations can render entities liable in the event of security breaches.

Despite substantial investments in sophisticated protection systems, the efficacy of these measures remains questionable if they cannot detect and avert cyberattacks. The challenge lies in optimising system efficiency while rationalising costs – an arduous task that cybersecurity firms endeavour to address.

Khoa acknowledges the need to address existing vulnerabilities alongside fortifying against new threats. Neglecting existing risks within systems, and waiting for opportune moments for cyber assailants, poses significant dangers. Pre-emptive measures must focus on rectifying known vulnerabilities before investing in additional protective tools.

Khoa highlighted that vulnerabilities often emanate not from direct cyberattacks but from individuals within organisations possessing inadequate technological proficiency. Exploiting these individuals can cascade attacks throughout systems, amplifying vulnerabilities exponentially.

Empowering all personnel within organisations with robust cybersecurity knowledge and skills emerges as a pivotal defence mechanism. Khoa accentuated the criticality of imparting such knowledge to safeguard information systems comprehensively.

Furthermore, advocating for the utilisation of ‘Make in Vietnam’ products, solutions, and services assumes significance. Homegrown solutions tailored to address the specific intricacies of Vietnamese organisations offer unique advantages. These domestic solutions not only offer timely support but also demonstrate a deep understanding of local challenges, aiding in swift problem resolution.

As businesses and institutions navigate this dynamic digital terrain, the proactive integration of these strategies is pivotal in safeguarding against the multifaceted threats that loom large in the era of digital proliferation.

Thailand Strengthening Data Privacy and AI Safeguards

All institutions rely on IT to deliver services. Disruption, degradation, or unauthorised alteration of information and systems can impact an institution’s condition, core processes, and risk profile. Furthermore, organisations are expected to make quick decisions due to the rapid pace of dynamic transformation. To stay competitive, data is a crucial resource for tackling this challenge.

Hence, data protection is paramount in safeguarding the integrity and confidentiality of this invaluable resource. Organisations must implement robust security measures to prevent unauthorised access, data breaches, and other cyber threats that could compromise sensitive information.

Prasert Chandraruangthong, Minister of Digital Economy and Society, supports the National Agenda in fortifying personal data protection with Asst Prof Dr Veerachai Atharn, Assistant Director of the National Science and Technology Development Agency, Science Park, and Dr Siwa Rak Siwamoksatham, Secretary-General of the Personal Data Protection Committee, gave a welcome speech. It marks that the training aims to bolster the knowledge about data protection among the citizens of Thailand.

Data protection is not only for the organisation, but it also becomes responsible for the individuals, Minister Prasert Chandraruangthong emphasises. Thailand has collaboratively developed a comprehensive plan regarding the measures to foster a collective defence against cyber threats towards data privacy.

The Ministry of Digital Economy and Society and the Department of Special Investigation (DSI) will expedite efforts to block illegal trading of personal information. Offenders will be actively pursued, prosecuted, and arrested to ensure a swift and effective response in safeguarding the privacy and security of individuals’ data.

This strategy underscores the government’s commitment to leveraging digital technology to fortify data protection measures and create a safer online environment for all citizens by partnering with other entities.

Further, many countries worldwide share these cybersecurity concerns. In Thailand’s neighbouring country, Indonesia, the government has noticed that data privacy is a crucial aspect that demands attention. Indonesia has recognised the paramount importance of safeguarding individuals’ privacy and has taken significant steps to disseminate stakeholders to gain collaborative effort in fortifying children’s security.

Nezar Patria, Deputy Minister of the Ministry of Communication and Information of Indonesia, observed that children encounter abundant online information and content. It can significantly lead them to unwanted exposure and potential risks as artificial intelligence has evolved.

Patria stressed the crucial role of AI, emphasising the importance of implementing automatic content filters and moderation to counteract harmful content. AI can be used to detect cyberbullying through security measures and by recognising the patterns of cyberbullying perpetrators. It can also identify perpetrators of online violence through behavioural detection in the digital space and enhance security and privacy protection. Moreover, AI can assist parents in monitoring screen time, ensuring that children maintain a balanced and healthy level of engagement with digital devices.

Conversely, the presence of generative AI technology, such as deep fake, enables the manipulation of photo or video content, potentially leading to the creation of harmful material with children as victims. Patria urged collaborative discussions among all stakeholders involved in related matters to harness AI technology for the advancement and well-being of children in Indonesia.

In the realm of digital advancements, cybersecurity is the priority right now. Through public awareness campaigns, workshops, and training initiatives, nations aim to empower citizens with the knowledge to identify, prevent, and respond to cyber threats effectively. The ongoing commitment to cybersecurity reflects the country’s dedication to ensuring a secure and thriving digital future for its citizens and the broader digital community.

Philippine E-Travel System Enhances Border Control

The introduction of the E-Travel Customs System at Ninoy Aquino International Airport Terminal 1 by the Bureau of Customs (BOC) in conjunction with key stakeholders represents a significant stride in the direction of enhancing national security and streamlining customs processes in the Philippines.

This transformative system, developed in coordination with the Bureau of Immigration (BI), the Banko Sentral ng Pilipinas (BSP), the Anti-Money Laundering Council (AMLC), and the Department of Information and Communications Technology (DICT), marks a significant leap in digitising data collection processes for travellers and crew members arriving in and departing from the Philippines.

The integration of the Electronic Customs Baggage Declaration Form (e-CBDF) and Electronic Currencies Declaration Form (e-CDF) into the BI’s eTravel System is a pivotal step in the evolution of border control practices. This collaborative initiative aims to optimise customs procedures, bolster health surveillance, and facilitate in-depth economic data analysis.

The E-Travel Customs System, a unified digital data collection platform, streamlines the passenger experience at airport terminals. Its standout feature is the integration of the Electronic Customs Baggage and Currency Declaration interface, formerly part of the BOC’s I-Declare System, introduced last year.

Travellers and crew members can now utilise a user-friendly, single web portal that consolidates the border control requirements of the Bureau of Quarantine, BOC, BI and the BSP.

This not only enhances the overall passenger experience but also enables the BOC to receive advanced information for effective risk profiling. Besides, the timely sharing of information with AMLC and BSP strengthens the nation’s commitment to combat money laundering and ensure financial security.

BOC Commissioner Bienvenido Y Rubio expressed confidence in the E-Travel Customs System’s potential to revolutionise customs processes, stating, “This collaborative initiative demonstrates our commitment to innovation and efficiency in customs management.”

The E-Travel Customs System will play a pivotal role in ensuring the security of the borders and fostering a seamless travel experience for all. Commissioner Bienvenido added that they are dedicated to advancing the customs practices, aligning with global standards, and safeguarding the interests of the nation.

The BOC cited that the E-Travel Customs System stands as a testament to the government’s dedication to providing cutting-edge solutions for border control, aligning with international standards, and advancing towards a more secure and efficient customs environment. The collaborative efforts of the BOC, BI, AMLC, BSP, and DICT signify a commitment to innovation, ensuring that the Philippines remains at the forefront of modern customs practices.

The E-Travel Customs System represents a paradigm shift in customs management, transcending mere technological enhancement. It stands as a strategic initiative meticulously designed to reshape and fortify customs practices, infusing them with agility, heightened security, and alignment with global best practices. This innovative system is not merely an upgrade; it is a holistic approach aimed at ushering in a new era of efficiency and adaptability in customs operations.

As the Philippines embraces this technological leap into the future of border control, it reaffirms its unwavering commitment to establishing a customs environment that goes beyond traditional boundaries. The system’s multifaceted capabilities, ranging from streamlined data collection to real-time risk profiling, showcase its transformative potential.

By prioritising technological advancements, the nation aims to enhance the overall travel experience, reduce procedural bottlenecks, and strengthen its position in global efforts to ensure secure and seamless border management.

Holiday Cybersecurity Vigilance Urged in the U.S

According to predictions from a global cybersecurity company, the financial sector witnessed increased cybercriminals targeting online payment processing systems in 2020. This phenomenon is becoming more significant as the shopping process transforms into the online realm, making this sector highly vulnerable to cybercrimes. Especially as Christmas and New Year approach, where shopping intensifies substantially, cybercriminals see this moment as a golden opportunity to launch their dangerous actions.

In light of this challenge, amidst the holiday shopping season, the U.S. Department of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) is arming consumers with valuable insights on how to stay cyber-secure and avoid falling prey to online scams. In a positive light, this advisory not only recognises the challenges posed by the rise of artificial intelligence (AI) in cybercrimes but empowers individuals to take proactive measures to protect themselves.

This holiday season, as people immerse themselves in the festive spirit, OCCIP urges Americans to stay vigilant, be proactive, and respond immediately if targeted by scammers or fraud. Rather than emphasising the negative aspects of potential cyber threats, OCCIP’s approach is geared towards equipping consumers with the knowledge and tools to navigate the digital landscape securely.

Deputy Assistant Secretary for OCCIP, Todd Conklin, emphasises the need for consumers to exercise caution and critical thinking during online transactions. He noted that every year, cybercriminals are getting more creative to take advantage of consumers, and this year is no different with the rise of AI. However, Conklin encouraged individuals to approach online deals discerningly instead of fostering fear. The advisory recommends thinking, researching, and consulting with trusted individuals before purchasing, cultivating a positive and empowering mindset.

To further emphasise the positive message, the OCCIP advisory raises awareness about potential risks and offers a comprehensive set of constructive tips for consumers. In empowering individuals with self-efficacy, the advisory aims to instil confidence in consumers as they navigate the online marketplace during the festive season.

Moreover, the OCCIP advisory takes a proactive stance by furnishing victims of fraud with practical steps to mitigate damages and losses. This approach is strategically designed to reassure individuals that, even in the unfortunate event of falling prey to a scam, there are actionable measures they can promptly undertake to rectify the situation and minimise the impact on their finances.

The OCCIP recognises the evolving landscape of cyber threats, especially with cyber criminals’ increased integration of artificial intelligence. By acknowledging the challenges posed by AI-driven phishing attacks, the advisory positions itself as a warning system and a guide for consumers to navigate the complexities of an online environment fraught with potential risks.

As part of its positive outreach, OCCIP emphasises the importance of trusting one’s instincts and not succumbing to pressure while making online transactions. The advisory suggests that if an online deal appears too good to be true, it likely is. This messaging aims to empower consumers with the confidence to make informed decisions and resist the tactics employed by cybercriminals.

OCCIP provides the public with a copy of the advisory in the cooperative mindset of sharing information. This transparency and openness foster community and shared responsibility in tackling cyber threats. Through this stride of individuals to report fraud incidents to the Federal Trade Commission and the Federal Bureau of Investigation’s Internet Crime Complaint Centre (IC3), OCCIP promotes a collective effort in combating cybercrimes.

This news underscores that the responsibility for addressing the cyber threat is not solely on individuals but is a collective effort that people must tackle together. As the U.S. prepares for its festive holidays, other countries must also emphasise the importance of collectively addressing the cyber threat during this upcoming season. By implementing these measures collaboratively, OpenGov believes that cybersecurity measures will foster a safer online environment for everyone.

Thailand Fortifying Data Security Collaboratively

Amid the relentless surge of cybersecurity threats, governments and technology agencies must embrace heightened awareness and implement meticulous data protection strategies. The escalating cyber threats necessitate a proactive stance, where staying one step ahead is crucial to safeguarding crucial information assets.

In this dynamic digital landscape, where information is a commodity, governments must acknowledge the evolving nature of cyber threats and continuously fortify their cybersecurity measures. Rapid technological advancements bring new challenges, requiring adaptive and innovative solutions to balance potential vulnerabilities.

Collaboration between government bodies, regulatory agencies, and technology experts is paramount in fostering a collective defence against cyber threats towards data privacy. Sharing insights, intelligence, and best practices creates a robust cybersecurity ecosystem capable of anticipating and mitigating emerging risks.

To secure public information and ensure data privacy, Mr Prasert Chandraruangthong, the Minister of Digital Economy and Society, has initiated measures to combat leaks and the illicit trade of personal information. Recognising the situation’s urgency, the Minister outlined a comprehensive plan divided into three periods—30 days, six months, and 12 months.

During the first 30-day period, the Office of the Personal Data Protection Commission (PDC) established the Personal Data Violation Surveillance Centre to investigate public information disclosures promptly. The operations conducted this November inspected 3,119 government and private sector agencies. The PDPC detected data leaks in 1,158 cases, leading to corrective actions taken by the agencies in 781 instances. Notably, three issues of personal data trading were uncovered, prompting investigations and prosecutions in collaboration with The Police Technology Crime Investigation Headquarters.

Simultaneously, the PDPC, under the directive of the Police Technology Crime Investigation Headquarters, expedited inspections of 9,000 agencies within the next 30 days. This initiative targeted government agencies deemed critical information infrastructure (CII), including those in the energy, public health, government services, finance, and banking sectors.

During the inspections, the cybersecurity systems of 91 agencies were examined. Of these, 21 were identified as having high levels of risk, prompting corrective actions by the National Broadcasting and Telecommunications Commission (NBTC).

The third measure involves collaborative efforts between the National Council for Peace and Order (NCPO), NBTC, and relevant agencies such as the Thai Chamber of Commerce, Federation of Thai Industries, Thai Bankers Association, Thai Life Assurance Association, Thai Hotel Association, and the media sector network. The objective is to raise awareness about personal data protection and prevent potential risks from inadequate security procedures. This includes knowledge-sharing sessions on maintaining cybersecurity through Cybersecurity Awareness Training. The collaborative initiative emphasises preventing intrusion from outsiders, securing system settings, and enforcing the law within the purview of the authorities.

For the subsequent six-month period, the Ministry of Digital Economy and Society and the Department of Special Investigation (DSI) will expedite efforts to block illegal trading of personal information. Offenders will be actively pursued, prosecuted, and arrested to ensure a swift and effective response in safeguarding the privacy and security of individuals’ data.

This strategy underscores the government’s commitment to leveraging digital technology to fortify data protection measures and create a safer online environment for all citizens by partnering with other entities.

OpenGov Asia reported that Thailand is strategically addressing escalating cybersecurity concerns with a multi-faceted approach involving tech, partnerships, specialised task forces, public relations efforts and training programmes to fortify cyber resilience and foster innovation.

The Minister of Digital Economy and Society, Mr Prasert Chandraruangthong, along with Professor Wisit Wisitsaratha, Permanent Secretary of the Ministry of Digital Economy and Society, and ministry executives from affiliated agencies, recently conducted a meeting to review strategies to address cybercrime problems, notably personal data leaks. Thus far, Thailand has generated several ideas concerning cyber threats, particularly in financial cybersecurity. Mr Prasert Chandraruangthong has initiated several steps and frameworks to address these issues:

December 2, 2023

9th Annual Singapore OpenGov Leadership Forum 2024, 14 - 16 May 2024 - CLICK HERE FOR DETAILS

We are creating some awesome events for you. Kindly bear with us.

Privileged Accounts are Sources of Vulnerabilities – Part 2

Strengthening Singapore’s Cyber Defence Landscape

India’s Tech Evolution and Safe Digital Spaces

Securing Vietnam’s Digital Future

Thailand Strengthening Data Privacy and AI Safeguards

Philippine E-Travel System Enhances Border Control

Holiday Cybersecurity Vigilance Urged in the U.S

Thailand Fortifying Data Security Collaboratively

Recommended Stories

Strengthening Singapore’s Cyber Defence Landscape

India’s Tech Evolution and Safe Digital Spaces

Securing Vietnam’s Digital Future

Thailand Strengthening Data Privacy and AI Safeguards

Philippine E-Travel System Enhances Border Control

Holiday Cybersecurity Vigilance Urged in the U.S

Strengthening Singapore’s Cyber Defence Landscape

Fostering Innovation and Entrepreneurship in Hong Kong’s Tech Landscape

India: Technological Pioneering for Sustainability

Digitalising Bureaucracy: Indonesia’s Vision for Agile Governance

U.S. Advancing Responsible AI

Digital Dentistry Reshaping Oral Care in Singapore

India’s Tech Evolution and Safe Digital Spaces

MENU

PARTNER

Qlik

PARTNER

CTC

PARTNER

Planview

SUPPORTING ORGANISATION

SIRIM

PARTNER

HashiCorp

PARTNER

IBM