25 February
Check Point Software Technologies reports alarming figures: Thailand faces 70% more cyber attacks than the global average. Meanwhile, the National Cyber Security Agency (NCSA) detected over 1,002 incidents in just the first 5 months of 2025 alone
Even more alarming — a Chinese APT (Advanced Persistent Threat) group successfully breached the Royal Thai Police systems, demonstrating that even national security agencies are not immune to cyber threats
The key question is — if national-level agencies can be breached, then is your organization's ERP system that stores financial data, employee data, and procurement data truly secure?
Thailand's Cyber Threat Landscape — Real Numbers You Need to Know
Before discussing prevention methods, let's look at the real situation to understand how severe the threats facing Thailand truly are
- 70% above global average — Check Point's report indicates that organizations in Thailand face cyber attacks at a rate significantly higher than the global average
- 1,002+ incidents in 5 months — NCSA reported the number of detected threat incidents in the first half of 2025, averaging over 6 incidents per day
- Phishing and Banking Scams are the most common attack patterns found in Thailand, especially deceptive emails impersonating government agencies or banks
- Foreign APT groups — not just individual hackers, but state-sponsored groups with clear objectives to steal strategic data
- DDoS attacks on Thai government websites — in 2025, Distributed Denial of Service attacks were reported from Cambodian hacker groups targeting Thai government agency websites
These numbers are not distant concerns — every organization using information systems, whether ERP, email, or even websites, is a potential target
Why ERP Systems Are Hackers' Primary Target
ERP systems are the "heart" of organizational data because they consolidate critical information in one place, making them high-value targets for attackers
| What ERP Stores | Why Hackers Want It |
|---|---|
| Financial data | Used for financial fraud / forging transactions — access to balance sheets, cash flow, and bank account data |
| Employee data | Used for identity theft / sold on the black market — ID numbers, addresses, salaries, tax data |
| Vendor/customer data | Used for Business Email Compromise (BEC) — impersonating business partners to trick fund transfers |
| Procurement data | Used to change payee account numbers (Invoice Fraud) — modifying vendor data in the system to divert funds |
When hackers successfully breach an ERP system, they don't just get one piece of data — they get "everything" in one breach. This is why ERP systems are the highest-value targets for cyber attacks
5 Most Common Threats Thai Organizations Face
Based on reports from NCSA and Check Point, the most common attack patterns found in Thailand are:
1. Phishing — Deceptive Emails Tricking Users to Click Links / Enter Credentials
The most common pattern and starting point for most attacks. Hackers send emails impersonating trusted entities such as the Revenue Department, banks, or even internal executives, tricking victims into clicking links or entering passwords. NCSA data shows phishing accounts for the highest proportion of detected threat incidents
2. Ransomware — Encrypting Data for Ransom
Once hackers gain access, they encrypt all files and databases, demanding ransom in cryptocurrency. Without good backups, organizations may have to pay millions of baht or lose all data. Imagine — if the ERP system is locked on payday or at quarter-end closing, the damage would be enormous
3. Business Email Compromise (BEC) — Hacking Executive Email to Order Transfers
The pattern causing the highest financial damage. Hackers breach or spoof executive emails, then send instructions to the finance department to transfer funds to the hacker's account, often claiming it's an "urgent transfer" that must be done immediately. By the time it's discovered, it's too late
4. SQL Injection — Breaching Databases Through Web App Vulnerabilities
A technical attack targeting databases directly. Hackers inject malicious SQL commands through input fields on web applications. If an ERP system has this vulnerability, hackers can read, modify, or delete all data in the database. Read more about What is SQL Injection and How to Prevent It
5. Supply Chain Attack — Attacking Through Vendors/Suppliers Connected to the System
The most sophisticated and hardest-to-detect attack pattern. Instead of attacking the target organization directly, hackers breach the systems of vendors or suppliers connected to the organization, such as software providers, cloud providers, or business partners with API connections, then use that channel to access the target system
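To make threat 4 concrete, the following added example (not code from any ERP product or from this article's author) puts a concatenated query beside its parameterized form, using Python's built-in `sqlite3` and a constructed vendor table. The table layout, function names and sample values are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed vendor records (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vendors (id INTEGER, name TEXT, bank_account TEXT)")
    db.executemany("INSERT INTO vendors VALUES (?, ?, ?)", [
        (1, "Alpha Supply", "111-0-00001-1"),
        (2, "Beta Logistics", "222-0-00002-2"),
        (3, "Gamma Parts", "333-0-00003-3"),
        (4, "O'Neil Trading", "444-0-00004-4"),
    ])
    return db

def search_vulnerable(db, name):
    # Weak: the input is pasted into the SQL text, so a quote character in it
    # is parsed as SQL syntax instead of being treated as data.
    sql = "SELECT name, bank_account FROM vendors WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def search_safe(db, name):
    # Hardened: the ? placeholder passes the input as a bound value, so it is
    # only ever compared against the name column, whatever characters it holds.
    return db.execute(
        "SELECT name, bank_account FROM vendors WHERE name = ?", (name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("vulnerable, crafted input:", len(search_vulnerable(db, crafted)), "rows")
    print("safe, crafted input:", len(search_safe(db, crafted)), "rows")
    # A legitimate name with an apostrophe also exposes the weak form:
    print("safe, O'Neil Trading:", search_safe(db, "O'Neil Trading"))
    try:
        search_vulnerable(db, "O'Neil Trading")
    except sqlite3.OperationalError as err:
        print("vulnerable, O'Neil Trading:", err)
```

A search form that errors on names containing an apostrophe is a common sign during code review or testing that input is being concatenated into the query.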
7 Measures Organizations Must Implement Today
Now that you know the threats — the next step is taking action. Here are 7 measures every organization should implement immediately:
1. Enable Two-Factor Authentication (2FA) on All Systems
Passwords alone are no longer enough. 2FA adds a security layer by requiring identity verification through a second device, such as a mobile phone or hardware token, ensuring that even if hackers obtain the password, they still can't access the system. Read more: What is Two-Factor Authentication (2FA) and Why Every System Needs It
2. Restrict Access (Least Privilege)
Each user should only access data necessary for their work. Sales staff don't need to see salary data, accounting staff don't need to edit customer data — restricting access reduces damage if any account is compromised
3. Regularly Update Server and Software Patches
New vulnerabilities are discovered daily. Regular patch updates help close vulnerabilities before hackers can exploit them. Organizations should have a policy to update patches at least monthly, and critical patches must be applied within 48 hours
4. Back Up Data Following the 3-2-1 Rule
The 3-2-1 rule means: keep at least 3 copies on 2 different media types, with 1 copy stored off-site. Having good backups is the last line of defense against ransomware — with backups, you don't need to pay the ransom. Read more: Disaster Recovery Every Organization Must Have
5. Train Employees on Phishing Awareness
No matter how good the defensive technology, it's useless if employees still click phishing links. Organizations should train at least twice a year and conduct phishing simulations to test whether employees can identify deceptive emails. Statistics show that over 80% of successful attacks begin with human error
6. Regularly Review Logs and Audit Trails
A good ERP system must log every activity — who accessed the system, when, what they did, what data they changed. Regular log reviews help detect anomalies quickly, such as logins from unusual IPs, data access outside working hours, or abnormally large data downloads
7. Conduct Penetration Testing at Least Annually
Hire security experts to perform penetration testing, finding vulnerabilities before real hackers do. Pentesting should cover network systems, web applications, and ERP systems, referencing OWASP Top 10 as the testing standard
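For measure 6, here is an added example (not part of the original article or of any ERP product) that scans an audit trail for the three anomalies named there: logins from unusual IPs, access outside working hours, and abnormally large downloads. The CSV log layout, the trusted network range, the working hours and the size threshold are all assumptions, and the log lines are constructed.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed sample audit trail: timestamp, user, source IP, action, bytes sent
SAMPLE_LOG = """\
2025-05-12T09:14:03,somchai,10.20.1.15,login,0
2025-05-12T09:20:41,somchai,10.20.1.15,export_vendor_list,48213
2025-05-12T10:02:10,malee,10.20.2.7,login,0
2025-05-13T02:47:55,malee,203.0.113.50,login,0
2025-05-13T02:51:19,malee,203.0.113.50,export_payroll,73400320
2025-05-13T14:30:00,anan,10.20.3.9,update_vendor_bank_account,0
"""

TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed office/VPN range
WORK_START, WORK_END = 8, 18                            # assumed working hours, local time
MAX_BYTES = 50 * 1024 * 1024                            # assumed per-action transfer ceiling

def review(log_text):
    """Return (timestamp, user, reason) findings for the three anomaly types."""
    findings = []
    for ts, user, ip, action, size in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        addr = ipaddress.ip_address(ip)
        # 1. Source address outside every trusted network
        if not any(addr in net for net in TRUSTED_NETS):
            findings.append((ts, user, f"unusual source IP {ip} for {action}"))
        # 2. Weekend, or weekday outside the working-hours window
        if when.weekday() >= 5 or not WORK_START <= when.hour < WORK_END:
            findings.append((ts, user, f"{action} outside working hours"))
        # 3. Single action that moved more data than the ceiling allows
        if int(size) > MAX_BYTES:
            findings.append((ts, user, f"{action} transferred {int(size)} bytes"))
    return findings

if __name__ == "__main__":
    for ts, user, reason in review(SAMPLE_LOG):
        print(ts, user, reason)
```

On the sample data all findings cluster on one account within a few minutes, which is the pattern that makes a reviewer escalate rather than treat each flag in isolation.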
Secure ERP vs Risky ERP
Not all ERP systems are created equal. Systems designed with security in mind from the initial architecture differ vastly from those that "add security later"
| Aspect | Risky ERP | Secure ERP |
|---|---|---|
| Authentication | Password only | 2FA + SSO |
| Database | No encryption | Encrypted at rest & in transit |
| Access Control | Everyone accesses everything | Role-based + Least Privilege |
| Audit | No logs | Full Audit Trail for every transaction |
| Backup | None/irregular backups | Auto backup + DR Plan |
If your organization's ERP falls in the "Risky ERP" column — it's time for serious consideration, because the cost of prevention is incomparably less than the damage from an attack. Read more about data security in ERP systems
Cyber threats don't ask if your organization is ready — they only ask "when," not "if"
— A cybersecurity mindset every executive should embrace
Conclusion — Don't Wait to Be Attacked Before Taking Action
Thailand's cybersecurity situation can no longer be overlooked. The figure of 70% above the global average and over 1,002 incidents in 5 months clearly show that threats are real and happening every day
ERP systems storing financial data, employee data, and procurement data are high-value targets for hackers. Choosing an ERP system designed with enterprise-grade security architecture is the most worthwhile investment
References
- Check Point Software Technologies. "Thailand Cyber Threat Report." https://www.checkpoint.com
- National Cyber Security Agency (NCSA). "Cyber Threat Situation Report." https://www.ncsa.or.th
- Darktrace. "Chinese APT Target Royal Thai Police in Malware Campaign." https://www.darktrace.com
