Banking and cybersecurity have a lot in common: they both seek to secure an asset, whether it be monetary or information, using a combination of passwords, authentication checks, vaults and (fire)walls.
Where the two historically differ, though, is their views on sharing information: Banking secrecy has been traditionally and/or legally enforced for hundreds of years by banks as part of their service; whereas the sharing of threat intelligence among computer emergency response teams (CERTs) is vital to the mitigation, response and analysis of cyber threats.
Although recent events and cultural changes have led to a shift towards open banking, security breaches are still something that many organizations, banks especially, are hesitant to share — reputation is still an important asset.
This is one of the biggest challenges that Kitisak Jirawannakool, an Information Security Consultant at the Thai Bankers’ Association, has faced since he was tasked with establishing the Thailand Banking Sector Computer Emergency Response Team (TB-CERT) in late 2017.
“A lot of my time is spent alleviating the concerns of our members, and potential members, that the cybersecurity information — which is predominantly technical data — they share with TB-CERT is confidential (if they so choose) and only being used to make other members aware of cyber threats; the information is not being used in a way to blame them for any attacks or breaches they may have incurred,” explains Kitisak, who has been working in the Thailand CERT community for over 10 years.
“This is where TB-CERT affiliation with the Thai Bankers’ Association (TBA) has helped. Sometimes when it’s difficult or complicated for members to share information, they ask us to help transmit the message as the TBA has a neutral standing and good reputation in the community for helping to facilitate between the industry and the regulator.”
Having recently passed its one-year anniversary, TB-CERT has so far attracted 20 members — banks and companies related to banks. They collaborate to not only share information on cyber threats but undertake training and comply with best practice cybersecurity standards and procedures.
“The IT security specialists working in the banks understand the importance of sharing information, so we don’t necessarily need to preach to them. Instead we want to support them with training and best practice information and assist them with communicating the importance and need for management to enable their internal security specialists to interact with the TB-CERT community,” says Kitisak.
“A benefit of having a bank sector CERT is that these companies can get information and training on tools that are specific for the banking sector.”
Training has included a ‘capture the flag’ exercise, with workshops on how to use specific tools (such as Wireshark) planned for the future. TB-CERT has also provided private advisory services to some of its members who’ve required assistance with their security strategy.
“We also organize activities unrelated to day-to-day cybersecurity activities, such as getting together to play soccer or basketball, or grabbing a meal or coffee. The social aspect is really important for building trust,” something that Kitisak adds is a key element in the world of cybersecurity. Security depends on trust and collaboration: we need everyone to be a part of protection.
Tapping into an international network of cybersecurity specialists
Having helped establish ThaiCERT previous to TB-CERT, Kitisak has also helped TB-CERT members to plug into his vast network of cybersecurity and CERT expertise and contacts around the world.
“The concept of cybersecurity and its far-reaching landscape is still fairly new for many industries in Thailand. Even security specialists haven’t heard of, or considered, the benefits of joining international organizations and forum such as FIRST and ISF, or becoming signatories of the Budapest Convention on Cybercrime.”
“Being a part of these and other global communities all helps with establishing your reputation, building trust, and ultimately strengthens your cybersecurity efforts.”
Due to the initial successes that TB-CERT has achieved in its short time, Kitisak has also fielded interest from the Thailand Capital Market and Insurance sectors to develop their cyber response efforts in an effort to strengthen the cybersecurity of the greater financial sector in Thailand.
“So many people in Thailand now say that I am like a CERT father. I’m happy with that title as I like to impart the knowledge that I know and watch as cybersecurity efforts in Thailand mature and evolve.”
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.