Cybersecurity remains the top priority in digital transformation journey

(L) Boonson Jenchaimahakoon, GSB's head of IT Group,  (C) Sathapanic Sriprom, CIMB Thai's head of digital technology, (R) Supannee Amnajmongkol, Red Hat Thailand's country manager
(L) Boonson Jenchaimahakoon, GSB's head of IT Group, (C) Sathapanic Sriprom, CIMB Thai's head of digital technology, (R) Supannee Amnajmongkol, Red Hat Thailand's country manager

With increasing incidences of cybercrimes and ransomware attacks worldwide while Thai digital banking sector has negatively been impacted by more sophisticated cyberattacks, the organizations and the government agencies are working closely to minimize and prevent the fraudulent transactions and financial crimes along with their digital transformation journey.

 

Mobile banking services and e-commerce platforms are targeted in cyberattacks since Thailand has more active users with high usage rates and potential risks from unexpected fraud and crime activities lured by gangster and scammers.

 

From statistics of National Police Department (Sor Tor Chor), the reported financial fraud incidents which are made in 2022 classified into (i) Deceive to buy online merchandises 50,000 incidents, (ii) Deceive to transfer fund online 20,000 incidents, and (iii) Deceive to make online personal loans 18,000 incidents

 

Categorised by type of frauds, the followings show filed lawsuits with Police

Call Centers deceived 13,000 lawsuits with damage loss Baht 2.6 billion

Frozen nominee accounts 58,000 lawsuits with damage loss Baht 5.5 billion

Apps to draw monies automatically with damage loss Baht 500 million.

 

On March 9th, 2023, the Bank of Thailand (BOT) announced additional measures to tackle online banking frauds.

  • Banks to stop sending SMS or emails with links which require customers’ personal data input eg account name, password, ID no.
  • Transfer fund over Baht 50,000 per each transaction or transfer fund over Baht 200,000 per day or any modification of daily fund transfer amount of over Baht 50,000  must be validated with biometrics or face scanning recognition.
  • One mobile banking’s user account per one device. 
  • Suspicious and to be investigated accounts which are made by nominees.

 

Additionally, Banks must put a system in place that can detect suspicious transactions round-the-clock and notify any such transactions to the Anti-Money Laundering Office so that they can take appropriate action.

 

This system, using advanced algorithms and machine learning, will be capable of analyzing large amounts of data and detecting any suspicious transactions in real-time. The system can identify patterns of fraudulent events, such as unusual login attempts, multiple transactions with unfamiliar accounts, and large sums of money transferred to offshore accounts.

 

Red Hat’s Global Customer Tech Outlook 2023 survey reveals that the security issue is the top IT funding priority across all regions and almost all industries.  Among the security funding priorities, network security (40%) and cloud security (38%) were the top priorities.

 

Cloud security was the top cloud infrastructure priority (42%).  Data security and integrity was the top analytics funding priority (45%), edging out artificial intelligence (AI) or machine learning (ML).  Security automation (35%) beat out cloud services automation (33%) and network automation (30%) as the top automation priority. 

 

Supannee Amnajmongkol, country manager for Red Hat Thailand, said the development of open source has been accelerated during the past few years because it supports new models of doing business and work.  Approximately 80% of Asia Pacific IT leaders expect to increase their use of enterprise open source software in various areas such as data/analytics/artificial intelligence (AI)/machine learning (ML), internet of things (IoT), containers.

 

Key advantages of open source solutions are their integrated security approach since they look at each layer of the technology stack, their collaborative software supply chain teamworks with products, their partner ecosystem allows businesses to scale digital offerings faster and more accurately, and they mapped to industry standards externally.

 

CIMB Thai’s head of digital technology, Sathapanic Sriprom said becoming a leading digital –led regional bank to cope with the tech-savvy customers and the demands of advanced digital banking innovation, the Bank has leveraged Red Hat’s open source solutions to provide the new banking platform’s agility, scalability and resiliency to support high development volumes on both cloud and on-premise environments.

 

CIMB has been awarded as Red Hat Innovation Award 2022’s Digital Transformation and Hybrid Cloud Infrastructure category.

 

A Thai state enterprise and social bank with over 22 million customers and 1,060 branches nationwide, Government Saving Bank (GSB) head of Information Technology Group, Boonson Jenchaimahakoon said that the Bank needs to speed up time-to-market for new products in digital financial services while staying ahead of security risks. 

 

GSB develops an open banking platform that would host its APIs and provide managed and advanced services to both internal and external parties with strong security capabilities.

 

The 4 key highlights that Red Hat Security Team’s has encountered with and raised for awareness:

 

  1. Having a good incident response plan

 

An incident response plan is a preset action plan for all major security incidents. Having a good incident response plan helps stop, contain, communicate and resolve incidents quickly, efficiently, and consistently. 

 

The open source community can help and solve problems quickly because our security teams have regularly discussed with the developer community. 

 

  1. Implementing a unified automation strategy in order to streamline compliance and governance

     

Compliance and governance are major concerns for many enterprises. Security automation can help by reducing risk associated with human errors and allowing for everything-as-code. 

 

With security automation, this can streamline required compliance and governance with: traceability and repeatability for compliance, consistent configuration and management across a multivendor environment, automated rollout of policy, system updates and firewalls across the entire network. 

 

This is especially important in hybrid cloud, where we are bridging a number of cloud environments - banks, telcos, and in public sector organizations.  Products such as Red Hat Ansible Automation Platform allow organizations to take advantage of a leading automation platform that includes a curated collection of modules, roles and playbooks to help investigate and respond to security threats. 

 

  1. Building proactive monitoring: threat Intelligence 

     

One way to test secure architecture and code is through threat modeling. This is a proactive  core activity that should be implemented in early design stages, so we can build trusted platforms. 

 

Creating this mindset enables security at the core of your development process, which helps to identify and map weaknesses, clarifies the roadmap and points in the direction of what needs to be fortified 

 

  1. Focusing on security as a culture

The old model of thinking is that security is a one patch, one fix, or static situation.  Actually, it must be an ongoing practice. When developers create code, they play a role in contributing to an organization's culture.  Being immersed in security as a culture means organizations always have it in consideration and practice as they expand their applications or digital products.

 

Security best practices can take the development lifecycle to another level. Security will be a challenge for developers, designers, and architects. While seeking excellence in this area, organizations, developers, and communities can count on open source projects, tools, and guidelines to quickly evolve and achieve a constantly improving secure software development lifecycle.