
Why we need to advance the National Agenda to secure critical information infrastructure

Information security remains among the major concerns as we enter the new year. Data from the National Cybersecurity Agency (NCSA) shows that organizations in Thailand were attacked almost 1,800 times in the first 10 months of last year, with the education and government sectors among the most targeted. In mid-December last year, a local hospital became the latest victim.

An increasing number of organizations face risks from rapidly growing cyber threats. Attention is now shifting predominantly towards critical information infrastructure. Essential services in this area include healthcare and finance, which are bearing the brunt of the various phishing and ransomware attacks.

Defining critical infrastructure

Organizations that are deemed critical provide essential services to citizens. Thailand has identified 7 categories, ranging from government security and primary government services, finance and banking, information technology, telecommunications, transportation and logistics, to energy and utilities as well as public health. The Palo Alto Networks ASEAN State of Cybersecurity report 2023 identified banking and finance as the sector with the highest number of disruptive attacks.

Thailand’s National Cybersecurity Agency has been stepping up requirements for critical information infrastructure organizations since 2022. Compliance with ISO 27000 and 27001, which call for regular checks for threats and vulnerabilities, has become a minimum requirement. Institutions are instructed to follow these standards in every aspect and create an incident response plan.

Focus on operational resiliency

Digital transformation is fundamentally changing the way organizations have to protect themselves. The new cyber threat landscape and changing work habits are producing various challenges. A hybrid workforce and accelerating cloud migration have created a scenario in which applications and users can be everywhere, and users demand access from any location on any device.

As a result, organizations today require a higher level of security, which has to be applied consistently across all environments and interactions. The Zero Trust approach is highly recommended in this scenario. It helps remediate a number of the security challenges that critical infrastructure environments are facing, creating the level of cyber resilience that is needed.

At the heart of the model lies the elimination of implied trust. Every user has to be authenticated and every access request validated. All activities are continuously monitored. Besides the security aspect, it provides a common experience for users, wherever they are. Whether employees work from home or in the office, they are treated in the same way from a security and risk perspective. People won’t automatically receive access privileges if they enter an office.

Moreover, Zero Trust also extends to other infrastructure components such as OT devices or network nodes. Whenever devices attempt to access the network they will need authorization, even if permission has been granted in earlier instances.

Protecting the most vital assets

Besides the rigorous enforcement of the Zero Trust method, organizations should follow other core principles. They need to regularly conduct thorough evaluations of all their assets and assess the risk impact. OT and IT networks therefore need to be clearly segmented.

Security operations centers (SOCs) monitor an organization’s IT infrastructure as a fundamental component of a robust cybersecurity strategy. Currently, 85% of organizations outsource their SOC, according to the Security Posture Assessment project, which evaluated the IT infrastructure of 17 Critical Information Infrastructure organizations and was conducted by the National Cyber Security Agency (NCSA) in collaboration with TIME Consulting and Palo Alto Networks. Businesses should periodically review managed SOC service contracts to ensure that the SLAs in place improve. MTTD (mean time to detect) and MTTR (mean time to resolve) of incidents are useful KPIs in this regard.

Today, AI and ML technology are advancing threat detection capabilities at a speed we haven’t seen before. They can help operations to adopt and develop a modern SOC operating model that looks for the effective automation of existing processes.

At the end of the day, however, least-privileged access and continuous trust verification are the key to limiting the impact of security incidents. Continuous security inspections ensure that transactions are safe. Both are able to eliminate threats—known and unknown, such as zero-day threats—without affecting user productivity.

Securing critical information infrastructure is essential for our society at large. It should be raised to become a priority on the national agenda, holding all stakeholders accountable. Collaboration among stakeholders is essential. It will prevent cyber threats and mitigate long-lasting damage to the entire supply chain.

Article by Dr Tatchapol Poshyanonda, Country Director for Indochina, Palo Alto Networks
