Experts are confident cybersecurity threat lurks in the new normal. To thrive, organizations must design resilient system that can function if attacked.
“It’s not the question of being hacked, it’s the matter of when you’re going to hacked? Organizations should have a mindset to be ready to response to all cyber threats, aside from considering cyber security breach by hacking, organization should resilient and able to keep the operation going when hacked.”
These are words of warning and advice from Prof. Parinya Hom-anek, Cybersecurity Expert and Chief Executive Officer of ACIS Professional Center Co., Ltd. at the RoLD Virtual Forum: Living with COVID-19 on “Cyber Threat (Not) New Normal,” hosted by the Thailand Institute of Justice or TIJ on 18th of June 2020.
“Cybercrime is a borderless crime, transnational in nature and could develop into transnational organized crime. Perpetrators utilize advanced technology to commit crime, so the issue is complicated and requires collaboration with experts of other crime types.”
These points made by Prof. Parinya are indications that public and private organization should seriously focus on the issue of cybercrime. Especially during the Covid-19 pandemic with the new normal in cyber world, most people have been forced to shift to work primarily online.
Prof. Parinya also pointed out that at the recent World Economic Forum, the issue of cybersecurity has been raised as one of the main agenda of the forum. The information showed that cyber criminals are ready to attack network system all the time. Therefore, Thailand, as one of the attractive countries that draws foreign “investment,” it is vital for Thailand to consider safety issue from cyber attacks because cybersecurity will be one of the deciding factors for investors.
Prof. Parinya is confident that Thailand’s current legal instrument is up to date. Thailand’s Cybersecurity Act was enacted to provide cybersecurity from cyber threats and to prevent network systems from being compromised. In essence this law affirms that it has no relevance with the contents that are being circulated online. Another legislation is the Personal Data Protection Act, which protects individual’s rights to the information in terms of consent to use personal data online.
In his opinion, despite good legal instrument, there is another concern on “the lack of cyber sovereignty in Thailand.” In the context of cybersecurity, cyberspace exists beyond other territories: sea, air, land and outer space; Thai people are currently accessing foreign platforms, so users’ personal information are more susceptible to being used by these platforms than by the local platforms. Moreover, there are also websites that exist under the iceberg or the Deep web that host very specific data, as well as websites in the Dark web that host illegal contents. These platforms are more concerning because these websites can not be accessed by general browsers like Chrome, Safari or the Internet Explorer. In the current world, where data is power; almost all the information is controlled by large platforms like Google or Facebook and as technologies are constantly being upgraded, humanity is being undermined. Therefore, Thailand should urgently educate their citizens about the cyberspace.
Pol. Lt. Col. Patthana Sukarasut, Special Case Expert from Department of Special Investigation or DSI pointed out that cybercrime is an imminent threat because technology plays an important role in the daily lives of the people. It is worth deliberating new ways to address “cyber criminals” because they are highly skilled in using technology to commit crime.
He proposed a new definition of these cyber criminal as “Smart criminal,” they are smart, and they have highly advanced technology skill that can out smart officials, so they are not to be underestimated. Cybercrime has no race; it is borderless and very hard to investigate. When a crime is committed in another country, but the act of crime occurs in another country, law enforcement becomes complicated. Each investigation will need to consider existing Mutual Legal Assistant Treaty or Extradition Agreement between countries.
DSI Expert also pointed out the persisting challenges on the understanding of law enforcement for cybercrime cases, because this type of crime is usually are interconnected with other types of crime, but the crime is committed on cyberspace. This is also related to electronic evidence collection where forensic police officers should understand the crime in order to efficiently process the crime scene so they can collect the right evidence or handle encrypted evidence correctly. Any tampering, loss or damage to the evidence will have repercussion on its admissibility, even though the computer evidence were seized by the officers.
“Imagine a foot pursuit with a police officer running after a criminal, they are still going the same direction and if the police officer has more stamina, eventually the criminal will be apprehended. But in the current context, its almost impossible to know which direction the criminal is running to, even a high-performance officer can go chasing criminal in the wrong direction.”
Criminal groups can expand into transnational crime organization without having to be acquainted with one another, their relationship is based on the common interest to commit crime. Pol. Lt. Col. Pattana pointed out that officers should enhance their skill and capacity to be ahead of the game of cybercrime. Experts from many disciplines should work collectively to investigate and to combat cybercrime, which is a complex type of crime to prosecute. He is confident that Thai officials are highly competent because their past performance has proven successful in investigation and prosecution, but their work methods are kept confidential.
DSI representative cited the Internet Crime Report from the FBI from 2016-2017 which reveals that cybercrime victims are from all population groups. People of all genders and all ages use internet more but the awareness on cybersecurity vary from age groups. During this period, people are using more technology, people are working more from home, so they are more susceptible to become victims. Another catalyst is increased financial transaction online which attracts more cyber criminals.
Asst. Prof. Sawitree Sooksri, Full-time professor at the Faculty of Law, Thammasat University sees that enforcement of the law for cybercrime prevention and suppression will have to reconsider the gaps or differences between the traditional crimes and the current crimes, and consider what kind of instruments exist that can be used to close that gap. Therefore, cybercrime can be categorized by its nature and characteristics into five aspects as follow:
1. Anonymity A person who commits crime online can conceal his/her identity and be anonymous online. In order to conduct investigation and prosecution, aside from having effective laws; skilled and competent law enforcement officers responsible for investigation are needed to search for perpetrators who are committing illegal acts online.
2. Security Cybercrime targets data or network system of organizations, therefore cybersecurity system should be efficient. It is often found that cybercrime which occurred in large organization was committed by insiders or former employee, those who are knowledgeable about the organization’s security system. Therefore, the law should also take into consideration that professional experts can be criminals too.
3. Privacy A scenario when government officials conduct investigation on a suspect and may employ interception technique which may also affect information shared to people around the suspects as well. Therefore, whether there is violation of privacy of suspect’s associates by the government is questionable.
4. Globalization Cybercrime is a borderless crime where perpetrators commit crime in one location, but the result of the crime committed occurs in another location. Therefore, relying on a single country’s legislation is insufficient and international cooperation is key in combating this type of crime.
5. Rights and liberty of the people Creating the balance between prevention and suppression while also not violating the rights and liberty of the people.
In Thailand, Computer Crimes Act is a comprehensive law enacted to address the two types of crime but the prosecution of the Crime about content is questionable in terms of balance between protection of rights and liberty of the people and prevention and suppression of contents on the internet. It is seen that the Computer Crimes Act may overly rely on discretionary power of the officials so there is a risk of violating liberty of expression of the people, and access to news and information.
She also cited an example on a study from Criminology, that analyzes the three elements of the crime occurrence which are criminal intent, right victim and unprotected victim. The study shows that cyber criminals aim to target victims who are least protected, therefore if the government enhance the preventive mechanism, people will be more secure and protected from these criminals.
Mr.Jeremy Douglas, Regional Representative of Southeast Asia and the Pacific of the United Nations Office on Drugs and Crime or UNODC stated at the seminar that as Governments all over the world imposed lockdown measures during the Covid-19 pandemic, people rely on the digital world to live and work, which provided the opportunity for criminals to exploit vulnerable groups. For example, more children at home are spending a lot of time using applications online and more senior citizens utilize social media to communicate with their families. Rapid development in cyber space in this region opened doors to various forms of cybercrime which is a borderless crime.
UNODC data indicates that cybercrime is rapidly changing and showing increasing trends in various forms of threats such as Hacking, Malware, Ransomware, Botnet, Distributed Denial of Service attacks, Romance scam, online illegal business by transnational criminal network and illegal trade on Darknet.
Cybercrime that is predominant in Asia is Online Child Sex Exploitation through live streaming with payment transaction using digital currency, without having to disclose identity of the viewers. He commended Thailand for the country’s continuous commitment and dedicated efforts for many years to close down websites and platforms that host child sex exploitation materials.
Jeremy concluded that diplomatic cooperation is extremely vital. ASEAN member states should collaborate to address issue of differences within the Region in both implementation and strategy, especially in promoting strong allies between the public and private organization. UNODC is ready to offer its technical support to all government agencies for cybercrime prevention and suppression in all countries.
Prof. Dr. Kittipong Kittayarak, TIJ Executive Director, provided a concluding remark at the seminar that cybercrime is a significant hurdle towards Thailand becoming a country with “Digital citizen”, therefore collective efforts are needed to address this crime from all dimensions. Cybercrime can be diverse and complex because this type of crime is committed on internet network with ease of concealment, making it more difficult to prevent. Laws need to be diverse and updated with consideration on effectiveness in law enforcement because criminal can commit crime across borders regardless of agreements or treaties. On the other hand, officers working to collect evidence face limitations on jurisdictions or international cooperation such as handing over evidence can be a complicated process.
TIJ Executive Director recognizes that the balance between power of the state and protecting people’s rights and liberty is a challenge in addressing cyber threat. Over regulation and control can hinder development but overly relaxed regulations can lead to abuse of power.
He added that the TIJ is currently cooperating with UNODC to promote capacity building for personnel, research and development of the laws for human resources of Thailand and ASEAN region. Earlier this year, the TIJ organized an academic forum with panelists from ASEAN justice system to contribute their views at the 2nd ASEAN Conference on Crime Prevention and Criminal Justice to support agencies and ASEAN population to response to cybercrime.
The Culture of Prevention can be promoted by improving education curriculum to include contents on cybercrime or educating population about the issue. Prof. Dr. Kittipong concluded that the government will have to adapt to digital transformation in order for the transformation to fully benefit all sectors. This transformation could be an instrument to provide inclusive development opportunity without creating disparity and leaving no one behind. So people’s rights are not violated by the government and everyone can mutually benefit from this transformation.
Download
Keynote address by Mr.Jeremy Douglas
The Global Risks Report 2020
