Exclusive: How Thailand plans to mobilise its people against ransomware

By Yogesh Hirdaramani

Amorn Chomchoey, Acting Deputy-Secretary General, National Cyber Security Agency, Thailand, shares how people's power is key in the fight against cyber threats.

“Not bloody likely,” snapped a defiant Princess Anne in 1974 as she stared down a handgun, refusing to leave her car. The kidnapper’s hope of wrangling a £2 million ransom from the capture of Queen Elizabeth’s daughter was promptly dashed by a punch from a passing heavyweight boxer.

Soon, the people of Thailand could mirror the Princess’ famously stoic front in the face of ransomware attacks. Beyond regulating cybersecurity standards, the National Cyber Security Agency (NCSA) plans to educate and empower the Thai people against cyber threats.

Amorn Chomchoey, NCSA’s Acting Deputy-Secretary General, lays out their plan to make cybersecurity accessible to the general public.


People power


As ransomware attacks grow in 2022, trust in public institutions and critical infrastructure is at stake, warns Chomchoey. To take one recent event, Thai hospitals and companies had their data hacked for a ransom not exceeding 1 million baht (US$30,000) in 2020, reported The Business Times. It can mean life or death when operations within critical services like hospitals are disrupted.

“Our motto now is People First. Our flagship project will be about improving cybersecurity capability for the people in Thailand,” he puts forth. NCSA plans to make cybersecurity accessible to everyday people with an e-learning platform. The platform will provide courses and materials in Thai.

“Beyond education, we run cyber competitions to make it fun. When we gamify cybersecurity, students will be more interested and consider a career in cybersecurity,” notes Chomchoey. Over 600 competitors recently vied for the crown at the 2021 Thailand Cyber Top Talent, organised by NCSA in collaboration with Chinese tech giant Huawei.

Now, NCSA is developing cybersecurity classes at the Thailand National Cyber Academy. These classes will educate over 2000 government and critical infrastructure officials in basic and advanced cybersecurity. They will also be developing auditor and practitioner courses for organisations to build their cybersecurity capacity, states Chomchoey.


Back to basics


When it comes to technology, tried and tested solutions remain superior over developing methods. AI and machine learning tools are not yet precise enough to support the fight against cyber threats, shares Chomchoey.

They currently produce too many false positives and frequently identify harmless scanning as breaches. More refining and training is necessary before these tools can be useful.

“Ransom gangs tend to be precise and difficult to detect with technology. We rely on cyber intelligence companies, which have teams monitoring their activity,” he shares.

Beyond working with cyber firms, Chomchoey asserts that they have found firewalls more useful than AI and machine learning. “A web app firewall can detect malformed requests, which can tell us right away if it's a human request or an attempt from hackers,” he notes.

NCSA requires critical infrastructure to notify authorities of cybersecurity breaches. On top of that, the agency plans to introduce cyber defence exercises to keep critical infrastructure organisations on their toes.


Empty your cup so that you may be filled


Finally, Chomchoey emphasises the importance of learning from others.

“We will try to be half a cup of tea, the type of cup waiting to be filled with lessons from others. Our goal will be to learn from others,” he outlines.

NCSA adopts best practices from the US, Australia, and ASEAN countries. For instance, they receive training from the Mitre Corporation, an American cyber think tank. NCSA has also participated in joint cyber drills hosted by Israel, reported The Bangkok Post.

The future of collaborative learning in ASEAN looks bright as well. A cybersecurity training centre for national cyber defence teams opened a new campus in Singapore in October 2021, reported The Straits Times. The Asean-Singapore Cybersecurity Centre of Excellence (ASCCE) promotes international knowledge sharing and cybersecurity across the region.

For Chomchoey, the learning never ceases as the enemy will innovate new strategies as well. Within Thailand, they work with the Ministry of Education and the Ministry of Higher Education to continue developing talent and cultivating cyber skills, shares Chomchoey.

“We’re trying to drive a Ferrari through unpaved roads, so we have to make the road as we drive ahead. We cannot wait because a hacker doesn't wait,” he asserts.

Building cybersecurity capacity begins with equipping people. From your regular Joe to the highest echelons of government, knowledge and training is key for cyber defence.