SEC moves after banks’ data breach

[webfact]

SEC moves after banks’ data breach

By The Nation

 

FILE photo

 

Watchdog conducts close inspection of cybersecurity systems of stock brokers 

 

The Securities and Exchange Commission (SEC) has conducted a close inspection of the cybersecurity systems of securities companies to prevent a possible cyberattack on their customer databases, according to the Association of Thai Securities Companies chairperson Pattera Dilokrungthirapop.

 

This move was triggered by the cyberattack last week on some customer information held by Kasikornbank and Krungthai Bank computer networks. 

 

She said that the association and the SEC have been discussing the issue of cyberattacks since late last year as the SEC had given a top priority to the protection of customer information. 

 

The SEC had issued related guidelines, which securities companies are required to comply with. These include requirements for their security systems. They must also have dedicated teams in charge of their cybersecurity systems and must share information in the event that their information is hacked.

 

The SEC has also instructed the boards of all securities houses to give make customer data protection their top priority and implement related measures.

 

It is not yet clear whether any securities companies’ databases have been compromised. 

 

“The companies have been alerted to this issue and have been preparing themselves for almost a year,” Pattera said. 

 

Despite being well prepared on the matter, the companies must ever let their guards down given that the hackers have constantly seek new ways to breach the defences, she said.

 

Prinn Panitchpakdi, CLSA Securities (Thailand) managing director, said that the brokerage houses should also keep further fostering their cybersecurity systems and enhancing their staff’s knowledge about cyberthreats.

 

Budsakorn Teerapunyachai, director of the Information System Examination Department at the Bank of Thailand, said that within the next month the central bank would issue new guidelines for cybersecurity practices for electronic transactions involving commercial banks.

 

She added that the BOT took two years to complete the new guidelines, which are much more comprehensive than past rules. The guidelines will require the banks to more strictly examine their cybersecurity systems.

 

Budsakorn added that the BoT is at the same time sensitive to the need for the stricter rules to not hinder the banks from innovating to better serve customers. The BOT’s role, she said, is to seek a balance between the bank’s stricter cybersecurity defences and the creation of new and innovative services.

 

The central bank recently asked all financial institutions to examine their cybersecurity systems and to plug the loopholes. It will also work more closely with related parties such as the SEC and cybersecurity experts to devise new measures to prevent hacking, said Budsakorn.

 

Source: http://www.nationmultimedia.com/detail/business/30351488

 

-- © Copyright The Nation 2018-08-06

[Chang_paarp]

Does anyone else hear the sound of barn doors slamming to the fading percussion of hooves as the horses disappear into the distance.

[Samui Bodoh]

The problem in Thailand isn't particularly one of laws (there are over-powerful laws covering almost any behaviour), the problem is one of enforcement, compliance and penalties.

 

Were there to be a massive data breach tomorrow (and, there will be one soon; it is inevitable), does anyone believe that the banks would be punished? Would face severe enough penalties that they would be forced to take proper action? OR, do people believe that the banks would simply waive off/ignore any penalties incurred?

 

Banks are powerful all over the world, and especially in Thailand. And, in Thailand the powerful have no fear of the law or sanction.

 

Thais will only get data protection if it affects the international reputation of Thailand or Thai institutions. If it affects the average Somchai; who cares, really?

 

 

Edited August 5, 2018 by Samui Bodoh
Lack of coffee

[Chris Lawrence]

4 minutes ago, Samui Bodoh said:

Were there to be a massive data breach tomorrow (and, there will be one soon; it is inevitable), does anyone believe that the banks would be punished? Would face severe enough penalties that they would be forced to take proper action? OR, do people believe that the banks would simply waive off/ignore any penalties incurred?

The Armed forces usually have a sit on the board or there about's. Hard to draw your mate out into the public eye. Look at the problem Benny is having.

[Redline]

They have no expertise to stop attacker’s 

[Cadbury]

5 hours ago, webfact said:

The Securities and Exchange Commission has conducted a close inspection of the cybersecurity systems of securities companies to prevent a possible cyberattack on their customer databases

If there was such a cyber attack on the stock exchange that would be most serious.

Information of politicians shareholdings would be revealed and even worse maybe those shareholdings they have "forgotten" to  include in their asset declaration. Also shares held by family members would make interesting reading.

Likewise the junta's elite friends, military generals and senior civil servants could be seriously embarrassed. 

What a bonanza this would be for the other political parties in the upcoming election.