Cybercrime is a crime that involves a computer and a network to further illegal ends, such as committing fraud, stealing identities, or violating privacy. Computer viruses are one of the cybercrimes; probably the first kind of crime you became aware of. Viruses infect computer systems, destroying files, messing with the overall functionality, and self-replicating to other devices and systems. Viruses are a form of malware, which encompasses all kinds of malicious software, any code or programs written and distributed to damage, steal data, and make money for the virus’s owner. This includes ransomware, which can lock up your files until you pay a ransom to decrypt them.
Cybercrime is a problem nowadays because technology is advancing every day. However, security measures to protect this technology and the users of the technology are not advancing as quickly. This allows for cybercrime to occur more often.
Cybersecurity Ventures, the world’s leading researcher expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion annually by 2025, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, which is exponentially larger than the damage inflicted from natural disasters in a year.
So, what are the cybercrime situation in Thailand? Let’s find out the interesting information in this newsletter. In Thailand, the cybercrime incidents are divided into 9 categories as follows;
Table.1 Categories of cybercrime in Thailand
The trend of historical statistics of cybercrime incidents in Thailand since 2018 is decreased but the number of incidents is still high. The average losses of cybercrime in 2021 rise up to 144%, or $2.2 million. or approximately 72.6 million Thai Baht. The most affected industries were legal services, construction, wholesale and retail, healthcare, and industrial estates. Thailand is in 6th ranked in the Asia-Pacific countries and Japan is mostly affected by ransomware.
According to the survey questionnaire of cyber companies in many countries, it was found that the users in Thailand were attacked by cybercrimes around 21% in 2021 which is lower than the global average of 29%.
In the last 4 years, the numbers of cybercrimes are 2,250 cases (in 2018), 2,470 cases (in 2019), 2,250 cases
(in 2020), and 2,069 cases (in 2021) which have no significant changes. However, the incident type of intrusions was decreased while malicious code and other threats (such as information gathering) were increased. The situation of cybercrimes in Thailand in the last 4 years is shown as the following diagram.
Figure.1 Number of cyber attacks in Thailand ( 2018 – 2021 )
Examples of big cybercrimes in Thailand are shown in the below table.
Table.2 Examples of major cybercrimes in Thailand
Due to the limited resources (people, time, and budget) of the foreign subsidiaries compared with the headquarters, the security level of foreign subsidiaries therefore tends to be lower than the headquarters. The attackers have already known this condition. Thus, the attack of foreign subsidiaries will be an intermediate for intrusion into the headquarters system.
There are various types of cyberattacks in the past year, causing the high flexibility to deal with the situation is required. Although the details of the countermeasure have already been known, the proper handle cannot be guaranteed. Since independent coping with the situation after the accident without the support from specialists is difficult, the segregation of responsibilities among foreign subsidiaries, headquarters, and external cybersecurity specialists is obviously important. In this article, regular training is suggested to prepare the countermeasures starting from the anomaly detection to initial responses through concrete simulation situations as the examples below.
This section mentions cybersecurity insurance. In the event of cyber incidents as shown in the table on page 3, your company’s initial response is very important to mitigate losses. Besides a quick response, an advanced technical countermeasure is also necessary. There are very few foreign subsidiaries with limited resources that can independently cope with cyber incidents without supporting from external organizations. Therefore, regular training and preparation of emergency communications are required for swift communication with cybersecurity specialists in case of an accident.
If the insurance on cyber security has been covered on your company already, the insurance company will contact cybercrime specialists and immediately troubleshoot to recover as soon as possible. If the emergency communication with contracted IT companies has been proceeded, problems will be solved faster as well. In addition, there are insurance companies that provide training services such as phishing email training which can increase the efficiency of cybercrime response. The example of training is shown in the below figure.
Figure.2 Example of Targeted email attack training
The cyber risks such as the enormous financial burden caused by ransomware damage are increasing and more complicated every year. Besides direct damage from cybercrimes, the number of consequential damages and minor incidents is also increasing. Such situations do not affect only your company, it also affects business partners, customers, and shareholders. In some cases, it may affect the market and society as well. Therefore, please be informed that the situation can be resolved with urgency and advanced technical response even in a limited resource condition if insurance services are utilized effectively.
The benefits of using insurance services are as follows:
Source of image