In Indonesia, it’s a fact that most of corporates still have very low awareness of
website security. On the other hand, many skillful attackers are causing many
security incidents in Indonesia at international level. It is extremely important
for you to make sure that your website’s security is checked by a professional with
the viewpoint of cyber attacking/software vulnerability since attackers have various
ways to penetrate the security hole of your website. If the attackers break your
security holes, the risk is not only your website will be jacked or edited, but your
website/business can be used for a crime. That is why it is extremely important to
strengthen your website’s security even if it’s a very simple website.
An Indonesian Airline had once become the victim to a cyber-attack, resulting in the leakage of
important passenger data. The data leakage stemmed from two sources, the first of which
contained 21 million articles of data, and the other, 14 Million. Indonesian telecommunications
companies have previously fallen victim to cyber-attacks using web-defacing techniques. ‘Web
defacing’ changes the appearance of a website, altering its main page, index file and other
pages that are still bound to the website’s URL.
Several Cyber-Security incidents have occurred, not only to corporate entities, but also against
government agencies. Based on data obtained from the CSIS (Center for Strategic and
International Studies), there are many state-run institutions worldwide that have experienced
such cyber-attacks, notably several US Cancer Research agencies that were hacked into in order
to retrieve information related to the latest data in regards to developments in the study of
cancer. North Korean Hackers have also carried out phishing attacks on foreign officials, aiming
to decipher nuclear related information. The Indonesian General Election Commission had also
reported Hackers from China and Russia had previously examined the database of Indonesian voters
before the presidential and legislative elections were held.
Presently, as many as 74% of companies have over 1000 highly sensitive files stored within their
archives. 21% of which often lack capable protection, thereby being vulnerable in becoming the
victims of hacking. Additionally, 41% of companies commonly store over 1000 sensitive files that
are not well protected. These can include credit card cumbers and other financial records.
Furthermore, based on Varonis’ data, 65% of companies have 500 users who have never changed
their passwords. In fact, based on a study conducted by the Ponemon Institute in 2017, as many
as 69% of organizations do not believe that Anti-Virus Software can help solve a data breach
related threat. Hackers have various techniques to hack and access important company data. In
lacking good cyber security, both large and small companies can fall victim to all kinds of
cyber-attacks. This happens because every business has assets criminals may seek to exploit.
Sometimes assets are in the form of money, financial information, personal information of staff
and customers, or even business infrastructure.
In Indonesia, we have performed security assessments on websites of a governmental organization, financial institution, e-commerce, up to a car manufacturer. Most of the cases, you will be shocked with the test result, but it is better at least you can notify the risk and make an appropriate strategy against it. LOGIQUE will help you lessen the risks until the risk gets almost none by monitoring its security constantly. While conducting penetration tests for various companies, we had subsequently discovered several security holes that required immediate patching up. Some examples of the bugs we had encountered are as follows:
Time | Industry | Object of Assesment | Found Problems (Risk Level) | ||
---|---|---|---|---|---|
High | Middle | Low | |||
Sep - Oct 2019 | Travel | Web app | 5 | 4 | 2 |
Sep - Oct 2019 | Media | Online Media | 8 | 0 | 3 |
Sep - Oct 2019 | Entrainment | Network infrastructure | 4 | 2 | 1 |
Sep - Oct 2019 | E-commerce | Market Place Web | 8 | 4 | 4 |
Oct 2019 | E-commerce | PWA | 4 | 3 | 0 |
Oct - Nov 2019 | Forwarding | Website company profile | 5 | 5 | 3 |
Oct - Nov 2019 | E-commerce | Web app | 6 | 0 | 2 |
Oct - Nov 2019 | E-commerce | Web app | 2 | 2 | 1 |
Oct - Dec 2019 | E-commerce | Web app | 53 | 1 | 0 |
Nov - Dec 2019 | E-commerce | Mobile app for Android | 2 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 3 | 2 | 2 |
Nov - Dec 2019 | E-commerce | E-commerce | 2 | 2 | 1 |
Nov 2019 | Fintech | Web app | 1 | 2 | 3 |
Nov 2019 | Fintech | Mobile app for IOS and Android | 2 | 4 | 2 |
Dec 2019 | Finance | Corporate Web | 2 | 1 | 4 |
Dec 2019 | Automotive | Corporate Web | 4 | 0 | 2 |
Dec 2019 | Service | Member web | 3 | 4 | 3 |
Jan 2020 | Fintech | Web App | 0 | 2 | 0 |
Jan 2020 | Fintech | Mobile App | 1 | 8 | 1 |
Jan 2020 | Fintech | Network Infrastructure | 0 | 3 | 0 |
Feb 2020 | Automotive | Network Infrastructure | 0 | 0 | 1 |
Feb 2020 | Service | Web App | 0 | 4 | 1 |
Feb 2020 | Mobilephone Provider | Web App | 1 | 10 | 2 |
Mar 2020 | Airline | Web App | 0 | 4 | 1 |
Mar 2020 | Financial Planner | Web App | 4 | 1 | 2 |
Mar 2020 | Travel | Web App | 5 | 4 | 2 |
Apr 2020 | Service | Network Infrastructure | 0 | 1 | 2 |
Apr 2020 | Service | Web App | 0 | 1 | 3 |
May 2020 | Insurance | Web App | 4 | 4 | 1 |
May 2020 | Insurance | Network Infrastructure | 0 | 2 | 3 |
Jun 2020 | Pharmacies | Web App | 0 | 2 | 0 |
Jun 2020 | Fintech | Web App | 5 | 0 | 0 |
Sep 2020 | Fintech | Web App | 0 | 4 | 2 |
Oct 2020 | Agriculture | Network Infrastructure | 0 | 5 | 1 |
Cyber Security Related Article
Website Security Testing White Paper