Cyber Security systems. 

Entrepreneurs in the business sector, whether small or large, in an era of growth amidst the advancement of technology, must aware of Cyber Security systems as today's devices such as mobile phones, computers, tablets, are used connect to the Internet and contains a lot of sensitive information which are targeted by hackers. Data from the University of Maryland last year (2022) found that hackers attempt to hack a system approximately every 39 seconds, or an average of 2,244 attempts per day.

Therefore, all Cyber Security systems must be updated more frequently along with the development of features on a regular basis to meet requirements to protect against threats from cyber-attacks that lead to loss of sensitive data, financial losses as a result of theft and prevent high costs of recovering stolen data as well as preventing the consequences of loss of good reputation, lack of trust, or risk of business closure in the event of a serious attack.

Currently, the common cyber threats that people, especially entrepreneurs, business people must be aware of include:

- Malware: This is a malicious software as it can be used to harm a user's computer, which may come in the form of files or programs, including worms, viruses, trojans, and spyware. 
- Distributed denial-of-service (DDoS): This is an  attack to disrupt the traffic of a target's system, such as a server, website, or network, by sending a large number of connection requests or packages to the target to slow down or crash the system.

- Social engineering is another form of attack by tricking users to steal sensitive information. 

- Phishing is a form of social engineering that involves spoofing emails from widely known and trusted sources and sending emails to trick victims into believing, such as forging emails to steal. Facebook username and password information by email spoofing to steal Facebook username and password information by disguising the email address as a Facebook staff, which is so indistinguishable from the real email that the victim is convinced.

- Spear Phishing is another type of phishing attack with clear targets. 

- Ransomware is malware that involves attacking users. The attacker locks the file or locks the computer system of the victim user by encoding it and demanding money to get a password to unlock user's file or computer system. 

- Insider Threats are threats arising from within an organization, either intentionally or unintentionally, such as internal employees, contractors, or customers.

- Man-in-the-middle (MitM) is a man-in-the-middle attack eavesdropping on a target and impersonating a target by sending fake information to another target.

- Advanced persistent threats (APTs) are attacks in which an attacker infiltrates the targeted network and hid for a time long to steal information

The agency has considered implementing government cyber threat solutions (post-incident activity) as follows:

1. To take incidents related to emerging cyberthreats and have significant cyberthreat characteristics as case studies, such as considering the vulnerabilities of service infrastructure, policies, and processes, as well as personnel training and identify authorized personnel and tools to be used, as well as find ways to prepare for and prevent cyber threats of such nature with related persons or agencies.
2. To gather operational data related to cyber threat response (weekly or monthly), e.g. number of threats cyber incident, the time spent dealing with the different types of cyber threats and the purpose of the attack, etc., to present to the person in charge and responsible within the department. 

3. To improve preparation measures to prevent and deal with suppression, including the suppression of cyber threats at each level to be appropriate and be up to date with changing situations. 

4. To retain necessary information and evidence for use in forensic processes or in the case of grievances or prosecution in accordance with the guidelines and period for retention of evidence regarding cyber threats set by the agency.

Source: Electronic Transactions Development Agency
Tel: +66 2 123 1234