Cyber Attack Increasingly Rampant
JAKARTA, KOMPAS – Cyber attacks have become more rampant of late. Data from a number of institutions show an increase in cyber attacks and related activities. Some have pointed out that the attacks have also moved from financial gains to political interests. Thus, securing access and data must be heightened.
Data from a number of institutions collected from a few weeks ago until Sunday (4/6) have shown an increase in the number of attacks.
The Communication and Information Ministry said attacks that affected over 10 million identities have continued toincrease in the mass of victims. In 2014, cyber attacks affected 11 million identities, which increased to 13 million identities in 2015 and to 15 million identities in 2016.
The Ministry even said that Indonesia is one of10large countries that have been included as a cyber wartarget. Of the 10 target countries, Indonesia is fifth or sixth on the list.
Software company Symantec, in its “Internet Security Threat Report” this year, reported on a global internet attack. Initially, Indonesia was 29th on the list, but in 2016, Indonesia found itself in the 17th position. Emails containing destructive software used to be one in 236 emails; now, it is one in 156 emails.
Akamai’s “State of the Internet Security Report” in the first quarter of 2017 stated that Indonesia is ranked 17th in the list of targets and has been attacked through 3.2 million dangerous page requests by users.
Michael Smith, Security Chief Technology Officer at Akamai TechnologiesAsia Pacific & Japan, explained by email that the reason Indonesia is being targeted is because of its large internet population. Based on researchby the Indonesian Internet Service Providers Association, the number of internet users in Indonesia reached 132.7 million in 2016.
Senior Director, Systems Engineering at Symantec Asia Pacific, Sherif El Nabawi, also said recently that the number of cyber attacks in Indonesia had risen because internet usage in the country had also seen a sharp rise.
The attackers see internet usage data which indicates a significant flow of large amounts of money in the country, so they are prepared to do anything toprofit from it.
However, Symantec said that motives of cyber attackers were now starting to swing from financial to politicalin nature by committing acts of sabotage, like that had been done in a few Middle Eastern countries.
The risk of cyber attacks was rising for the people of Indonesia, were becoming increasingly reliant on technology and the internet.
“Indonesia is fairly vulnerable because it is in the cyber attack top 10. We can even see a tab on the internet which displays livedata of cyber attacks carried out around the world, consisting of both current data and yesterday’s data. Indonesia is the fifth or sixth-ranked target country,” said Communication and Information Minister Rudiantara.
Rising risk
Computer science professor at the ABFI Perbanas Institute, Richardus Eko Indrajit, explained that the risk of cyber attacks was rising for the people of Indonesia, were becoming increasingly reliant on technology and the internet. For people who are part of an organization, the human factor is one of the deciding factors in preventing an organization from becoming a victim of a cyber attack.
“Humans often are the weakest link because they could be one of the targets of a cyber attack. Although the defense of the internet infrastructure is strong, it does not necessarily mean it is the same at the human level,” Eko said.
This is the biggest challenge. Therefore, companies must ensure that all employees follow security procedures, such as regularly changing the access code to applications or their data. Access codes are usually rarely changed because people are could not be bothered remembering new things. The difficulty level of access codes are also low because they are usually linked to personal data such as date of birth and hobbies and therefore they are easily guessed.
As far as the attackers are concerned, there are many parties that may have motives for carrying out cyber attacks, such as former employees, business competitors, politicians, spies, consumers or criminals.
Charles Lim, a lecturer at the Swiss German University, said that the types of attacks can be in the form of tapping, disturbances, information changes or creating misleading information.
The last two years, the cyber threat in Indonesia was dominated by two types of crimes: hate speech and online fraud.
Smith said that cyber attacks were increasing in two ways: in frequency and in intensity.
The potential threat of cyber attack will increase in parallel with the increase in internet speed and the number of devices that are connected.
Weak handling
The National Police Criminal Investigation Department said that Indonesia needed to improve in ensuring cyber data security, particularly to make up for limited human resources and lack of supporting facilities. The proliferation of cyber threats in Indonesia, the department said, was partly brought about by the popularity of social media.
The National Police Investigation Department’s Cyber Crime Director, Brig. Gen. Muhammad Fadil Imran, revealed that in the last two years, the cyber threat in Indonesia was dominated by two types of crimes: hate speech and online fraud.
These two types of cyber threats are predominantly carried out through social media because people tended to give out personal information.
Furthermore, Fadil added, this vulnerability was made worse by the lack of quality and quantity of resources in ministries and cyber-support institutions to provide online supervision.
“Based on that, two types of crime, which are hate speech and online fraud with various modus operandi, have become the most dominant cyber threats we have found in the field,” Fadil said.
To overcome this problem, the government has formed an organization called the Cyber Body and National Encryption Agency (BSSN). A year from now, at the latest, the BSSN will begin its work.
This move is a follow-up to Presidential Regulation No. 53/2017 on Cyber Body and National Encryption Agency, which was signed by the President on May 19, 2017.
(MED/SAN/APO/SON/ELD/EDN/MAR)