Data Theft Occurs Mostly During Working Hours
According to BSSN data, phishing is one of the most widely used methods to steal personal data. This type of attack exploits the weakest part of cybersecurity, namely users.
Hacking attacks have continued to increase over the past several years. Apart from lawmakers passing the personal data bill into law, people should be more watchful, especially when using a corporate email account.
JAKARTA, KOMPAS — Anomalies in network traffic indicating a hacking attack have continued to increase over the last three years. Hacking attacks, which generally involve phishing to steal personal data through email, occur mostly during working hours.
One thing that can be done to prevent hacking attacks is to be more careful in using corporate email accounts. Do not use a work email, for example, when creating an account on an e-commerce platform, because they are often targeted by hacking attacks.
According to a monitoring report released by the National Cyber and Encryption Agency (BSSN), 228 million network traffic anomalies were detected in 2019. The figure doubled to 495 million in 2020 and then to 1.6 billion in 2021. Network traffic anomalies are used to detect hacking attacks.
Speaking at the launch of the "Annual Report on Cybersecurity Monitoring Results for 2021" in Jakarta on Wednesday (30/3/2022), BSSN deputy head Luki Hermawan said that digital transformation had accelerated in the last few years.
Increasing competence and innovation in the field of cybersecurity information technology to deal with the growing threat was inevitable, he added.
Along with the growing trend of digital transformation, Luki said, cyber threats were also growing more complex. Increasing competence and innovation in the field of cybersecurity information technology to deal with the growing threat was inevitable, he added.
"In future, cyberattacks will grow even more, both technically and socially, and attacks against social media groups will also increase. It has to do with phishing attacks targeting individuals," said Luki.
According to BSSN data, phishing is one of the most widely used methods to steal personal data. This type of attack exploits the weakest part of cybersecurity, namely users. In 2021, 3,816 cases of phishing attacks via email were recorded, while 264 cases of phishing attacks via websites occurred. The majority of phishing attacks occurred in the education sector, followed by the trade industry and the government sector. As many as 53 percent of phishing attacks occurred during working hours, while 47 percent occurred outside working hours.
Agung Setiadji from BSSN’s cybersecurity operations, said that phishing attacks should receive special attention due to the high use of corporate email accounts.
"So prevention is very important, not only via the system, but also by educating all employees and social media users on a massive and regular basis. Raising awareness is very important," he said.
Throughout 2021, the BSSN received as many as 179 reports on data theft that involved phishing and other forms of hacking attacks. Government offices reported the greatest number with 60 cases. The
perpetrators behind the hacking attacks even demanded a ransom from the data owner. If the ransom were not paid, they would lose their data permanently. The perpetrators also sold the personal data they had stolen.
This had occurred because many people registered with e-commerce websites using their work email.
The BSSN also discovered 83,991 email accounts from 78 agencies on the dark web. Many of these attacks were obtained through hacking attacks against online marketplaces. This had occurred because many people registered with e-commerce websites using their work email.
Agung also advised people to be more careful when using their corporate email accounts, and to not use their work email to create their online shopping accounts.
"If we use a corporate email account to register on an e-commerce site, when that site is targeted by data theft, our [emails] will also be stolen," said Agung.
According to data from the cybercrimes directorate of the National Police’s criminal investigation department, reports of data theft began increasing in May 2020. Most of the reports were related to the alleged leak of the data of 91 million users at homegrown e-commerce giant Tokopedia (2 May 2020) and the data of 13 million users from e-commerce platform Bukalapak (6 May 2020). Then in 2021, an alleged data leak occurred at the Health Care and Social Security Agency (BPJS Kesehatan).
Data protection bill
Executive director Wahyudi Djafar of the Institute for Policy Research and Advocacy (Elsam) said that the growing number of hacking attacks such as phishing that involved the theft and sale of personal data further indicated the urgent need for a law on personal data privacy and protection. The government and the House of Representatives (DPR) must work extra hard to pass the personal data protection bill as soon as possible.
"I hope that the President will pay immediate attention and communicate with the leaders of the DPR and find common ground on how to speed up the deliberation process, so the bill can be passed soon," he said.
The bill obliges data administrators to implement a strong cybersecurity system. The bill also contains sanctions for administrators of data that are hacked and criminal sanctions for perpetrators who sell personal data. The bill also provides protection for data owners.
The government and House Commission I started deliberating the personal data protection bill in early 2020. However, the deliberation was halted later because the Communications and Information Ministry and the majority of House factions were divided over the supervisory authority of the personal data protection law. The ministry wanted to be in charge of supervising the law, while the House wanted an independent agency.
(This article was translated by Hendarsyah Tarmizi)