News

THNIC Supports Website Security Standard 1.0 to Strengthen Cybersecurity for Government and Educational Websites

on January 23, 2026        by Administrator

        On January 20, 2026, Dr. Pensri Arunwatanamongkol, Executive Director of the Thai Network Information Center Foundation (THNIC), spoke about the online training program, NCSA Cybersecurity Knowledge Sharing No. 4/2569, under the topic “Website Security Standards 1.0: Preparing for Next-Generation Cyber Threats”, organized by the National Cyber Security Agency (NCSA) in collaboration with the Office of the Basic Education Commission (OBEC) and partner networks, with the aim of enhancing the cybersecurity of government and educational websites.

        Dr. Pensri Arunwatthanamongkol stated that based on cybersecurity situation data, there were more than 4,000 cyber threat incidents in 2025, a significant increase from 2024. It was also found that educational institutions remain one of the top targeted groups for cyberattacks, although they have dropped to second place after other government agencies. A key factor is the limitation of personnel and workload of teachers and system administrators, resulting in many school websites lacking systematic security management.

        She also presented examples of commonly found cyber scam patterns, particularly email-based attacks that are not simple, fake-email impersonation, but rather attacks using real organizational email accounts that have been compromised by attackers. These compromised accounts are then used to send phishing emails (Phishing Mail) to large numbers of people, including high-return investment scams, fake links, unpaid billing notifications, or requests for personal information. Recipients often believe these emails because the sender appears legitimate. This type of incident is not domain hacking or DNS infrastructure compromise, but rather Email Account Takeover, which makes detection by conventional security systems more difficult and phishing emails appear highly credible. (Read more at https://thnic.or.th/phishing-mail-account-takeover/)

    In addition, other cyber threat patterns that educational institutions should be aware of include:

  • Phishing Email Fake emails impersonating organizations or internal personnel to trick users into clicking links or providing information

  • Fake Website / Redirect Creation of fake websites or redirection to malicious websites

  • Account Takeover The takeover of email accounts or administrator accounts to be used as a base for further attacks to Social Engineering, or the use of urgent messages to trick victims into transferring money, opening files, or disclosing important information.

        Dr. Pensri highlighted that these incidents reflect website security, which is not only a technical issue but also involves selecting appropriate services and the importance of user identity verification, which helps reduce fraud and cyber threats.

        In this presentation, Dr. Pensri emphasized the role of the .th and .ไทย domains, which have a clear registration verification process using verifiable documents such as national ID cards, corporate registration certificates, or trademarks. This helps enhance credibility, reduce impersonation risks, and serve as a key foundation of website security. She also introduced awareness-building measures through domain usage promotion in the education sector via three main projects:

  • webkru.in.th – Enhancing teachers’ digital capabilities through hands-on website development training for teaching and learning purposes, while providing free .th or .ไทย domain names for two years.(https://webkru.in.th)
  • webstudent.in.th – Encouraging students to create online e-Portfolios for university applications, with free domain name support for three years. (https://webstudent.in.th)
  • webac.in.th – Promoting the adoption of .ac.th domain names among educational institutions and encouraging the use of official school email addresses instead of public email services to improve credibility and communication security. (https://webac.in.th)

     

        In addition, security tools that organizations can immediately use were introduced such as secure link-shortening services with verified link creators:

    

        Furthermore, the importance of DNSSEC was emphasized as a key mechanism for verifying the correctness of website address information and preventing redirection to fake websites. The increasing trend of DNSSEC adoption reflects growing cybersecurity awareness.

        This knowledge-sharing session aimed to help organizations understand Website Security Standard 1.0, developed based on the international NIST Cybersecurity Framework 2.0, covering five functions: Identify, Protect, Detect, Respond, and Recover, for sustainable and context-appropriate cybersecurity management in Thailand.

Share :