Security threats that occurred in Thailand
"Ransomware" Virus for Ransom Demand : Damage at Saraburi Hospital
“Ransomware”, which combines the words “Ransom” and “Software”, will encrypt the files on virus-infected computers or servers and make them unusable, and then request a “ransom” in exchange for the cancellation/unlocking.
Why Cybersecurity Is Needed?
Prepare for the risk of information leakage, suspension of corporate activities, and credit loss.
Nowadays, the damage caused by cyberattacks is occurring one after another, not only in Japan and Thailand but all over the world.
If personal information or customer information is leaked, the amount of compensation for damages may reach 100 million units, and if business operations cannot continue due to a system outage, corporate activities themselves will be jeopardized. In addition, the credit loss of companies and organizations affected by cyberattacks is inevitable.
What is needed to prevent these damages before it happens is cybersecurity.
In September 2020, at a hospital in Saraburi province in central Thailand, a hacker infected the hospital’s system with a ransomware virus, making the patient's medical information inaccessible. The fact that they did not back up the data also led them to the inability to provide medical services. The demanded ransom for the restoration is a virtual currency equivalent to 63 billion baht (about 220 billion yen). The damage caused by the business suspension was also enormous
<News Details>Hackers demand 200,000 bitcoin ransom from Saraburi Hospital for medical files|Thai PBS World
Compliance with Thailand’s Personal Data Protection Act (PDPA)
Unauthorized access from the outside is cited as one of the causes of personal information leakage, and it is also important to properly prepare an environment for managing important personal information data.
To comply with the laws in Thailand and to firmly protect the personal information of employees and customers, it can be said that security measures to prevent information leakage before it happens are more important.
In 2021, Thailand's first “Personal Data Protection Act (PDPA)” will be fully enforced with penalties.
Until now, there was no law regarding the handling of personal information in Thailand. However, “PDPA”, which complies with the "GDPR (EU General Data Protection Regulation)", has a wider range of target information to be protected and the defined strict regulations and penalties, when compared to the Act on the Protection of Personal Information (APPI) of Japan.
Cybersecurity based on CIS (Center for Internet Security)
It is an organization that works on Internet security standardization with the cooperation of companies and academic institutions and US government agencies such as the National Security Agency (NSA), Defense Information Systems Agency (DISA), National Institute of Standards and Technology (NIST), etc.
What is CIS: An organization working on Internet security standardization
A framework for security measures that should be taken first/First and foremost security measure framework
It is a framework for security measures that is one of the items defined in SP800-53 of the National Institute of Standards and Technology (NIST) and is simply summarized by focusing on “the minimum that must be done first”.
Objectively assess cybersecurity threats
We provide several benchmarks (objective criteria) that can help you assess cybersecurity threats. This benchmark is based on industry consensus as the best method.
Regularly evaluate the configuration of the operating system
Regularly evaluate the configuration of your operating system against CIS benchmarks and internal security policies.
Optimal support for overcoming system vulnerabilities
Application Scope of CIS Security
CIS security measures and support services
Survey : Propose minimum measures
to be implemented
Carry out an onsite survey. Investigate issues with existing networks, servers, PCs, etc., and propose minimum measures to be implemented.
Implementation :
Support CIS installation
A dedicated team will provide services to apply the values and settings recommended by CIS to the target systems. This includes the PDCA process that is carried out in the test environment and the production environment respectively and will support to promote more solid implementation.
Assessment : Regularly evaluate the configuration of the operating system
Compare the configuration of target systems with the CIS benchmark recommendations and regularly evaluate the operating system configuration. In addition, we can also provide our specific tools. Based on benchmarks (criteria that can objectively assess cybersecurity threats), identify gaps with the configuration you should set.
Cybersecurity measures in Thailand
Security measures with the abundant system development experience of more than 30 years in Thailand
It is cybersecurity measures that should be considered when installing a system (business application). We can propose the most optimal security measures based on our achievements and experience because we have been working with many customers to support the construction of the environment.
Support by a dedicated team specializing in security measures
“AGSS”, one of our group companies, is a specialized team providing IT support and IT consulting that specializes in building environments such as servers, networks, and infrastructure. We have more than 20 specialized engineers, and we have supported infrastructure construction and cybersecurity measures for many Japanese companies, including local companies in Thailand.
Related Video : IT Cybersecurity (Thai language)
For more information about AGSS, please refer to this website (English).
First, check the current risks and measures
For those who are worried about cybersecurity or in the process of considering strengthening security, we are pleased to explain Internet security standardization based on CIS, conduct an onsite survey at your company, etc.,
Case study of CIS implementation in Thailand (provided by our company)
Manufacturing – Petroleum
Number of employees : More than 4,000 people
Activity Hub : Deployed to 5 countries including overseas.
Server : 25 servers, 25 DC (Domain controller)
Client PC : More than 4,000 units
Our Support
IT Consultant
-
Standard fit & gap (Clarify applicable areas based on the survey)
-
Applying CIS controls (Support for developing minimum security measures)
Implementation Support : CIS Control, CIS Benchmarks, Self-Assessment
• Windows server 2022 active directory
• Exchange server 2019
• Windows server 2022
• Windows 11
• Vmware Vsphere foundation
![[CITYPNG.COM]HD Windows Server 2022 Logo PNG - 2000x2000.png](https://static.wixstatic.com/media/4cb6ec_e61b589d468f4385a46fbd229751830d~mv2.png/v1/crop/x_0,y_857,w_2000,h_330/fill/w_188,h_31,al_c,q_85,usm_0.66_1.00_0.01,blur_3,enc_auto/%5BCITYPNG_COM%5DHD%20Windows%20Server%202022%20Logo%20PNG%20-%202000x2000.png){kind=small}
Finance - Insurance
Number of employees : Approximate 600 people
Activity Hub : 2 locations in Thailand.
Server : 2 Domain, 6 DC (Domain controller)
Client PC : More than 600 units
Our Support
IT Consultant
-
Standard fit & gap (Clarify applicable areas based on the survey)
Implementation Support : CIS Control, CIS Benchmarks, Self-Assessment
• Windows server 2022 active directory
• Windows Server 2022
• Windows 11
![[CITYPNG.COM]HD Windows Server 2022 Logo PNG - 2000x2000.png](https://static.wixstatic.com/media/4cb6ec_e61b589d468f4385a46fbd229751830d~mv2.png/v1/crop/x_0,y_857,w_2000,h_330/fill/w_48,h_8,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_auto/%5BCITYPNG_COM%5DHD%20Windows%20Server%202022%20Logo%20PNG%20-%202000x2000.png){kind=small}
