Thailand has been rapidly responding to digital transformation to achieve the 4th industrial revolution as other parts of the world. On 27 May 2019, the Cyber Security Act of Thailand B.E. 2562 (2019) (“CSA”) was published in the Government Gazette; therefore, it has been in effect since then. The Personal Data Protection Act (PDPA) has drawn various concepts from the EU General Data Protection Regulation (GDPR) and will come into effect next year. A one year transition period has been granted to companies and government agencies handling personal data to comply with key provisions of the Act. Therefore, the organizations in Thailand should comprehend the importance and find the ways to comply with these 2 Acts.
The main objective of the CSA is to secure national security in cyberspace, governing both public and private sector databases and information. CSA has applied the standards and guidelines of National Institute of Standard and Technology (NIST) to establish Cybersecurity Framework for cybersecurity privacy needs in Thailand in 5 core functions as follows:
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
Dr. Rattipong Putthacharoen, Senior Manager, Systems Engineering at Fortinet Thailand reveals that such Cybersecurity Framework provides the private sector organizations with a structure for assessing and improving their ability to prevent, detect and respond to cyber incidents. How to comply with the 5 Core Functions, the organizations need advance Security Fabric Platform from Fortinet. It is the first open architecture approach to security that dynamically adapts to and secure the IT infrastructure under Fabric-Ready Partner eco-system collaboration. Security Fabric Platform is broad (so as to have wide visibility of entire digital attack surface), integrated (so the protection covers across all devices, networks and appliances) and automated (the operations and response will be driven automatically by Machine Learning technology.)
Here are the 5 Functions and suggestions from Fortinet how to comply with them:
Identify
Organizations must develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities. To comply with this Function, it is essential to have full visibility into your digital and physical assets and their interconnections, defined roles and responsibilities, understand your current risks and exposure and put policies and procedures into place to manage those risks.
Fortinet suggests at least to use the FortiToken and FortiNAC in order to identify and assess users; FortiInSight and FortiSIEM for asset and risk management purpose; FortiClient and FortiNAC for vulnerability assessment activities; next-generation firewall FortiGate, FortiAnalyzer and FortiManager for risk assessment and governance purposes.
Protect
Organizations must develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. To comply, the organization must control access to digital and physical assets, provide awareness education and training, put processes into place to secure data, maintain baselines of network configuration and operations to repair system components in a timely manner and deploy protective technology to ensure cyber resilience.
Fortinet proposes to use FortiGate as security gateway and FortiDDos, FortiMail to protect the mail system, FortiWeb to protect web applications, FortiClient as well as FortiProxy and the advance threat technology FortiSandbox to detect Zero-day attacks. To protect cloud environment, Fortinet has developed Fortinet-hosted services as SaaS type; namely, FortiSandbox Cloud, FortiMail Cloud, FortiWeb Cloud, and FortiCASB services. Moreover, Fortinet extends the on-IaaS security services with leading Infrastructure as a Service providers including AWS, Microsoft Azure, Oracle Cloud Infrastructure and Alibaba Cloud.
Detect
Organizations must implement the appropriate measures to quickly identify cybersecurity events. The adoption of continuous monitoring solutions that detect anomalous activity and other threats to operational continuity is required to comply with this function. The organization must have visibility into its networks to anticipate a cyber incident and have all information at hand to respond to one. Continuous monitoring and threat hunting are very effective ways to analyze and prevent cyber incidents in ICS networks.
In order to identify the unknown zero-day threat, Fortinet proposes FortiDeceptor and FortiSandbox appliances. Besides the FortiSEIM and FortiAnalyzer installed at Security Operation Center (SOC) help keeping and analyzing digital traffic log, that the organization shall supply once being asked.
Respond
Should a cyber incident occur, organizations must have the ability to contain the impact. To comply, the organization must craft a response plan, define communication lines among the appropriate parties, collect and analyze information about the event, perform all required activities to eradicate the incident and incorporate lessons learned into revised response strategies.
For endpoint detection response, Fortinet deploys FortiClient to perform activities to remedy the situation such as stop the users from opening the malicious file; and uses FortiNAC to quarantine the infected user and devices. Besides, FortiSIEM, FortiAnalyzer and FortiManager help analyzing computer log and making notifications automatically. With Fortinet’s latest Security-Defined Network technology, the connection and communications among security appliances and networking appliances; such as FortiGate, FortiSwitch and FortiAP are improved.
Recover
Fortinet can help organizations to restore any capabilities or services that were impaired due to a cybersecurity event on case by case basis.
The Personal Data Protection Act imposes high penalties for non-compliance. For example, it is punishable with administrative fines (up to THB 5 million), criminal penalties (imprisonment up to one year and/or fines up to THB 1 million). Therefore, Fortinet urges all entities to immediately assess the internal personal data governance and start taking action for compliance. The road to full compliance with the PDPA could involve the engagement from all departments and deploying advance security technology.
Fortinet is confident the Security Fabric Platform which is composed of sensitive data protection; including Data Loss Protection, Access Control, Data Integrity and Data Exposure. All the said features are embedded in Fortinet’s solution both Security as a Service (SaaS) type for on-premise protection and Infrastructure as a Service (IaaS) for cloud-environment protection. The involved appliance shall be FortiToken, FortiNAC, FortiWeb and FortiClient. The right approach for the company should be customized to fit the size and the business operation of each entity.