SEC moves after banks’ data breach

The Securities and Exchange Commission (SEC) has conducted a close inspection of the cybersecurity systems of securities companies to prevent a possible cyberattack on their customer databases, according to the Association of Thai Securities Companies chairperson Pattera Dilokrungthirapop.
This move was triggered by the cyberattack last week on some customer information held by Kasikornbank and Krungthai Bank computer networks. 
She said that the association and the SEC have been discussing the issue of cyberattacks since late last year as the SEC had given a top priority to the protection of customer information. 
The SEC had issued related guidelines, which securities companies are required to comply with. These include requirements for their security systems. They must also have dedicated teams in charge of their cybersecurity systems and must share information in the event that their information is hacked.
The SEC has also instructed the boards of all securities houses to give make customer data protection their top priority and implement related measures.
It is not yet clear whether any securities companies’ databases have been compromised. 
“The companies have been alerted to this issue and have been preparing themselves for almost a year,” Pattera said. 
Despite being well prepared on the matter, the companies must ever let their guards down given that the hackers have constantly seek new ways to breach the defences, she said.
Prinn Panitchpakdi, CLSA Securities (Thailand) managing director, said that the brokerage houses should also keep further fostering their cybersecurity systems and enhancing their staff’s knowledge about cyberthreats.
Budsakorn Teerapunyachai, director of the Information System Examination Department at the Bank of Thailand, said that within the next month the central bank would issue new guidelines for cybersecurity practices for electronic transactions involving commercial banks.
She added that the BOT took two years to complete the new guidelines, which are much more comprehensive than past rules. The guidelines will require the banks to more strictly examine their cybersecurity systems.
Budsakorn added that the BoT is at the same time sensitive to the need for the stricter rules to not hinder the banks from innovating to better serve customers. The BOT’s role, she said, is to seek a balance between the bank’s stricter cybersecurity defences and the creation of new and innovative services.
The central bank recently asked all financial institutions to examine their cybersecurity systems and to plug the loopholes. It will also work more closely with related parties such as the SEC and cybersecurity experts to devise new measures to prevent hacking, said Budsakorn.