The National Cyber Security Agency (NCSA) is gearing up to develop the cybersecurity skills of personnel working in seven sectors of critical information infrastructure (CII) through an intensive capacity-building programme, as cybercrimes have intensified around the globe.
The first phase of the training programme targets 2,250 trainees in a fundamental course as well as almost 1,000 specialists and executives in related courses by 2022.
The move comes amid a rise in cyber-attacks in terms of severity and scale around the world, particularly during the pandemic when organisations pivoted towards online work.
According to the 2019 Cybersecurity Act, NCSA is responsible for developing necessary skills and competence in relation to cybersecurity for personnel in the state and private sectors, making sure they are up to international standards. This task is in line with its digital economy and society action plan for 2018-22.
Chaiwut Thanakamanusorn, digital economy and society minister and chairman of the NCSA board, said cyber-attacks are becoming more common among state and private sectors around the world.
Cybercriminals exploit organisations' systems vulnerabilities to gain access to sensitive corporate data, particularly those dealing with CII, which could cause economic and social damage to the country, he said.
The seven key CII sectors comprise: state security agencies, public services, finance, telecom and information technology, transport and logistics, energy, and public healthcare.
These sectors are frequently targeted by cybercriminals via malware and ransomware, said Mr Chaiwut.
Earlier this month, state-run Phetchabun Hospital saw the data of more than 10,000 patients stolen through its web-based application, which is suspected to be of a subpar standard.
The development of cybersecurity skills among experts and executives is the most important factor in helping to fend off cyber-attacks, he said.
NCSA secretary-general Lt Gen Prachya Chalermwat said the first phase of the cybersecurity capacity-building programme will see 2,250 personnel of CII-associated organisations undergo fundamental cybersecurity training.
In addition, NCSA plans to organise an executive-level course for 50 people, an open web application security project course for 200 people, a practical specialist course for 200 people, a particular field course for 200 people and a specialist course for 300 people.
"The programme is designed to develop the capabilities of personnel and create experts at a level on par with other countries, as well as support them in receiving international certificates related to cybersecurity," said Lt Gen Prachya.
Thailand has only 250 cybersecurity personnel who have obtained the Certified Information Systems Security Professional, an information security certification for security analysts, compared with around 300 personnel in Malaysia and more than 3,000 in Singapore.