In Indonesia, it’s a fact that most of corporates still have very low awareness of website security. On the other hand, many skillful attackers are causing many security incidents in Indonesia at international level. It is extremely important for you to make sure that your website’s security is checked by a professional with the viewpoint of cyber attacking/software vulnerability since attackers have various ways to penetrate the security hole of your website. If the attackers break your security holes, the risk is not only your website will be jacked or edited, but your website/business can be used for a crime. That is why it is extremely important to strengthen your website’s security even if it’s a very simple website.
An Indonesian Airline had once become the victim to a cyber-attack, resulting in the leakage of
important passenger data. The data leakage stemmed from two sources, the first of which
contained 21 million articles of data, and the other, 14 Million. Indonesian telecommunications
companies have previously fallen victim to cyber-attacks using web-defacing techniques. ‘Web
defacing’ changes the appearance of a website, altering its main page, index file and other
pages that are still bound to the website’s URL.
Several Cyber-Security incidents have occurred, not only to corporate entities, but also against government agencies. Based on data obtained from the CSIS (Center for Strategic and International Studies), there are many state-run institutions worldwide that have experienced such cyber-attacks, notably several US Cancer Research agencies that were hacked into in order to retrieve information related to the latest data in regards to developments in the study of cancer. North Korean Hackers have also carried out phishing attacks on foreign officials, aiming to decipher nuclear related information. The Indonesian General Election Commission had also reported Hackers from China and Russia had previously examined the database of Indonesian voters before the presidential and legislative elections were held.
Presently, as many as 74% of companies have over 1000 highly sensitive files stored within their
archives. 21% of which often lack capable protection, thereby being vulnerable in becoming the
victims of hacking. Additionally, 41% of companies commonly store over 1000 sensitive files that
are not well protected. These can include credit card cumbers and other financial records.
Furthermore, based on Varonis’ data, 65% of companies have 500 users who have never changed their passwords. In fact, based on a study conducted by the Ponemon Institute in 2017, as many as 69% of organizations do not believe that Anti-Virus Software can help solve a data breach related threat. Hackers have various techniques to hack and access important company data. In lacking good cyber security, both large and small companies can fall victim to all kinds of cyber-attacks. This happens because every business has assets criminals may seek to exploit. Sometimes assets are in the form of money, financial information, personal information of staff and customers, or even business infrastructure.
In Indonesia, we have performed security assessments on websites of a governmental organization, financial institution, e-commerce, up to a car manufacturer. Most of the cases, you will be shocked with the test result, but it is better at least you can notify the risk and make an appropriate strategy against it. LOGIQUE will help you lessen the risks until the risk gets almost none by monitoring its security constantly. While conducting penetration tests for various companies, we had subsequently discovered several security holes that required immediate patching up. Some examples of the bugs we had encountered are as follows:
|Time||Industry||Object of Assesment||Found Problems (Risk Level)|
|Sep - Oct 2019||Travel||Web app||5||4||2|
|Sep - Oct 2019||Media||Online Media||8||0||3|
|Sep - Oct 2019||Entrainment||Network infrastructure||4||2||1|
|Sep - Oct 2019||E-commerce||Market Place Web||8||4||4|
|Oct - Nov 2019||Forwarding||Website company profile||5||5||3|
|Oct - Nov 2019||E-commerce||Web app||6||0||2|
|Oct - Nov 2019||E-commerce||Web app||2||2||1|
|Oct - Dec 2019||E-commerce||Web app||53||1||0|
|Nov - Dec 2019||E-commerce||Mobile app for Android||2||2||2|
|Nov - Dec 2019||E-commerce||E-commerce||3||2||2|
|Nov - Dec 2019||E-commerce||E-commerce||2||2||1|
|Nov 2019||Fintech||Web app||1||2||3|
|Nov 2019||Fintech||Mobile app for IOS and Android||2||4||2|
|Dec 2019||Finance||Corporate Web||2||1||4|
|Dec 2019||Automotive||Corporate Web||4||0||2|
|Dec 2019||Service||Member web||3||4||3|
White Paper Tentang Pengetesan Keamanan Website