Reaffirming Cyber ​​Attack Alertness in All Aspects

The more sophisticated the development of technology, the more sophisticated the cyber attacks. The forms are diverse and always threatening every time. However, not everyone is aware of how to take preventive measures before this incident happened to them.

Most companies, especially those in financial services and technology, spend billions of dollars to improve their IT infrastructure so that it is always maintained. In fact, it is predicted that in the future investment in this sector will explode, due to the more mature technology infrastructure.

From the side of education to consumers, various parties have also begun to encourage, for example the appeal not to give OTP codes to anyone, double locking accounts so that they are not easily hacked, and other things. This topic was raised in a discussion held by Monroe: Securing Our Future last week.

There were three speakers present on this occasion, Private Marshall (Privy.id), Ardi Sutedja (Indonesia Cyber ​​Security Forum/ICSF), and Hadi Kuncoro (Power Commerce). They share updates and data protection tips according to their expertise in their respective fields. Here's a summary:

Danger lurks just about sharing data

Marshall emphasized, personal data in today's digital era is an email address. The problem is, anyone can now compose an email, however and whenever they want. Finally, this problem boils down to the vulnerability of self-protection against cyber attacks.

The signature on the one hand is a sign that the signer himself has known the contents of the document, as a form of maintaining the integrity of the document content. When signatures were digitized, there was a new problem.

"There is wet ink glued to the paper, showing that there is legal force. But the problem is how when the signature is transferred to digital," he explained.

All can be-screenshot easily and copy paste to another document, generating a new document that could be misused its signature function for other purposes.

Another problem, he continued, is maintaining personal data today, not only dealing with smartphone devices and email accounts. But also personal data that is uploaded online and shared for certain purposes, is also a threat.

Marshall reminded, without realizing it, leaving your identity card when entering the building is the easiest possibility for our data to be stolen by irresponsible parties. No one can guarantee that the identity deposited at the reception is safe from crime.

It also reminds us that how easy it is for people to get personal data without having to bother because we ourselves are unknowingly sharing data easily.

Another everyday example that often happens, when applying for a new account or making a credit card. Personal data of prospective customers is written manually by officers, copies of personal identities are also usually photographed through their smartphone cameras. It's so easy to retrieve data, without realizing the huge risk behind it.

"How big is the risk every time we have to make a credit card and the procedure has to be done repeatedly. Besides being inefficient, it poses a risk to the protection of consumer data."

For data protection, Privy.id has done many developments, in addition to digital signatures (public key infrastructure). For example, facial recognition, liveness detection, smart authentication gatewayand AI driven document checker.

The technology developed above does not mean the solution is complete. Each solution creates a new problem, eventually requiring a new solution, which makes investing in this sector expensive.

Cyber ​​attacks are always lurking

Ardi Sutedja emphasized that cyber attacks are always lurking around the clock, even from the beginning. One of the cyber attacks that caused quite a stir in Indonesia was Stuxnet and WannaCry.

Referring to Statista data, in 2010, 58,31% of Stuxnet malware infections occurred in Iren. Indonesia, surprisingly came in second with 17,83%, the US only hit 0,89%.

While WannaCry attacked Indonesia in 2017. As a result, millions of attacks undermined company systems, in various industries, one of which was hospitals.

Ardi said that his team handled the malware attacks in a number of hospitals and found that one of the reasons was that the majority were using fake software. "Meanwhile, only 30% of the software they use is genuine," he said.

From the point of view of the readiness of human resources, in his view, it is very minimal. HR literacy is how to take preventive actions and how to anticipate when a cyber attack occurs, many of them do not understand.

There is cyber crisis management and incident reaction that HR needs to know about. The purpose of this management is to take actions and processes that must be taken to protect and maintain the reputation, products and services of an organization as a result of a cyber incident.

Meanwhile, incident reactions are more focused on day-to-day security management, such as malware incidents and DDoS attacks. However, to perform management, continued Ardi, has its own challenges including utilizing big data vs smart data, minimal IT investment, lack of digital skills, and data accuracy.

Cyber ​​attack trends on e-commerce sites

Hadi Kuncoro explained that cybercriminals are generally carried out by pleasure seekers, organized crime, terrorist groups, and the state itself. The way they attack is by phishing, identity theft, data falsification, either from outside the system or embedding directly from internal.

The motive is for economic, political, hate, racism, protest, and so on. Fraud on e-commerce sites is usually related to four parties, including sellers, buyers, software providers, and attackers.

An obvious example of a cyber attack is catalog fraud. Hackers copy the patents belonging to the owner of the official brand to do a photocopy of the image, a creative copy to use for counterfeit brand products.

They also duplicate brand names, logos, domains, and keywords that brands usually use.

"There are four trends in cyber attacks that often occur in the e-commerce industry, namely phishing, transaction data theft, DDoS attacks, data theft, and refund fraud," he concluded.