As remote work becomes part of everyday life, the importance of information security management and cybersecurity measures in corporate management continues to grow. Despite the fact that “information is a corporate asset,” many organizations still lack sufficient risk awareness—for example, continuing to use outdated hardware or operating software that has not been updated for more than 10 years. In response, this two-part series introduces the importance of security management, examples of cyberattacks, and countermeasures.

What Does IT System Security Maintenance Mean for Enterprises?

System security management can be broadly divided into five key elements:

• Physical Security Measures
Measures to prevent physical interference with facilities, equipment, and devices (such as data theft or loss). Examples include access control to facilities, biometric authentication, and surveillance cameras.

• Network Security Measures
Firewall management that separates internal and external systems, prevents unauthorized access to internal systems, and controls user access.

• Application Security Measures
When using applications, security must be properly managed for data access through those applications.

• Data Security Measures
All data stored in offices, on the cloud, or elsewhere must be properly managed through measures such as data backup and recovery in case of data loss.

• Internal Security Policies
Even if all the above measures are in place, efficient security management cannot be achieved without appropriate organizational policies, making this a critical component.

With the advancement and widespread adoption of IoT devices, information security management for IT systems must evolve accordingly. Preventing damage from cyberattacks before it occurs and raising internal awareness of information security are essential responsibilities of IT system administrators.

The Basics of Information Security: What Is “CIA”?

Information security is generally composed of three core elements, commonly referred to as “CIA”:

The Evolution of Cyberattack Methods

Since the 2000s, cyberattacks have become increasingly diverse and sophisticated.

▲ Ransomware attacks are increasing year by year, now occurring as frequently as once every 11 seconds.

Phase 1 (Around 2000)
With limited internet penetration, virus infections that disrupted systems were mainly spread via computers and USB devices.
hase 2 (Around 2010)
Infection routes expanded to include email attachments, illegal websites, and pirated software. Virus sophistication increased significantly, enabling attackers to steal passwords and data from keyboards and monitors or hide within PCs for hacking purposes.
Phase 3 (Around 2018–Present)
Data theft for financial gain or ransom has surged. Studies show that only about 25% of victims who experienced data theft were able to recover their data.

System Security Management Should Be Addressed as a Familiar Issue

Maintaining IT system security is a highly relevant and critical issue. To use a simple analogy, homes are protected from external threats with fences, walls, fingerprint authentication, and facial recognition. The same concept applies to IT systems. With extensive experience in IT system development in Thailand, we understand our clients’ challenges as well as the practical limitations at operational sites. This allows us to deliver stable system management, including smooth transitions from legacy systems to new systems. (System Engineer / Mr. Sae-Aung)

Kosin Sae-Aung
Assistant Manager / System Planning & Engineering – I
Joined Thai NS Solution in August 2021
Over 20 years of experience in IT, responsible for infrastructure-related strategies.

▶A Must-Read for IT Professionals! IT Security Basics You’re Afraid to Ask【Part 2】 — Real Cyberattack Cases in Thailand and Countermeasures —

If you would like to consult about IT system security management or measures against cyberattacks, please contact us via the inquiry form below.