

Explore the State of Cyber Security in Indonesia & the Important Role of Penetration Testing

Our explanations will provide an overview of the cyber security landscape in Indonesia, help you understand the role of penetration testing, and answer the following questions:

  • What is CyberSecurity?
  • Does it matter?
  • How dangerous are those cyber threats?
  • Am I protected?
  • Can hackers steal my data or information?
  • How will it affect my business?
  • How do I protect my business and data?

LOGIQUE Aims to Assist you in Finding Answers to the Above Questions


An Indonesian airline once fell victim to a cyberattack, resulting in the leakage of their internal passenger data. The leaked data stems from two databases. The first database contains 21 million and the other contains 14 million. Indonesian Telecommunications companies have also become the victims of cyber-attacks by way of web defacing techniques. "Web deface" refers to changing the overall appearance of a website, starting from the main page, index file, or other pages that are still bound to the URL of the website.

Several cyber security incidents have occurred which not only have targeted a variety of companies, but also government agencies. Based on the data obtained from the CSIS (Center for Strategic & International Studies) there are several state institutions in the world that have fallen victim to coordinated hacking efforts. For example, hackers who once targeted specific U.S. cancer agencies sought to retrieve information related to cutting-edge cancer research.

According to the 2021 ENISA Threat Landscape Report (which can be downloaded here; or, you can see a summary of the report in Indonesian we have provided here), it is known that cyber security risks throughout the world have increased exponentially.

This is certainly a problem that needs to be prioritized. Your company must indeed take immediate action to curb the potential breach of your systems.



Data breaches have continued to present a serious threat to all companies around the world. This is because hackers have continued to experiment with new techniques to access your data, and have taken advantage of the growing online presence that comes with the heavy use of online platforms by the general public today.

In order to break into a company's security systems and access its sensitive data, especially personal data, hackers will generally combine a variety of more sophisticated infiltration techniques, for example ransomware (a type of malicious software) or supply chain attacks.

Based on the data presented in the ETL 2021 (ENISA Threat Landscape 2021), obtained from Verizon's DBIR (Data Breach Investigations Report), as many as 44% of data breaches within financial sector companies have been caused by internal actors. In the public administration sector, 70% of data breaches have been caused by instances of social engineering, and 15% of the errors are due to misconfiguration and mis-delivery. In the healthcare sector, the main causes are mis-delivery, publishing errors, and misconfiguration. In the information sector, basic web application attacks, system crashes and glitches account for 83% of all data breach cases.

Various incidents related to data threats also have occurred during the ETL 2021 reporting period. The following figure shows the trends observed based on OSINT (Open-Source Intelligence), collected by the ENISA.

In addition, cybersecurity incidents in the healthcare industry surged rapidly during the Covid-19 pandemic. When the pandemic occurred, the healthcare sector was in the spotlight, and threat actors took advantage of this to hit a sector that was in a critical period. Under pandemic conditions, the use of online health services and telemedicine increased, prompting hackers to go after the medical data that was growing and being collected rapidly.

Data regarding incidents in healthcare observed through OSINT by ENISA:

In Indonesia itself, the State Cyber and Password Agency (BSSN) revealed that in 2021 there were more than 1.6 billion, or precisely 1,637,973,022, instances of anomalous traffic or cyberattacks. This trend is predicted to increase, with malware having the potential to be the largest type of cyberattack.

Every day, 24,000 types of mobile applications are blocked because of potential data breaches within them. At the same time, attacks on all internet-connected devices also continue to increase.

In 2017, this figure even rose by 600 percent. In addition, ransomware attacks continue to grow by more than 350 percent every year. Ransomware is a type of malware that can take over a computer and prevent legitimate users from accessing data until the demanded ransom is paid. Hackers will also threaten to publish the victim's sensitive data if the ransom is not paid.

The Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII), under the auspices of BSSN, also revealed that during the first 10 months of 2018 more than 200 million cyberattacks on Indonesia were detected.

Based on statistical data and the various cases that have occurred around the world, data breaches continue to increase on a large scale. This happens because of weak security systems and a lack of security awareness among users. Note that as many as 95 percent of cyber security breaches are also caused by human error.

In Indonesia itself, many cyberattacks have already occurred, and most of the victims are companies. Throughout 2018, there were around 4,000 reports related to cybercrime cases, and of these, the most cyberattack cases occurred in the Jakarta area.

Around 24,000 malicious mobile apps are blocked every day
IoT attacks increased 600% in 2017
Ransomware attacks grow by more than 350% every year


The rampant cyber security incidents have not only sought to target private entities, but also government agencies. In Indonesia itself, the need for data protection is increasingly urgent. In fact, some experts say that the leakage of personal data within Indonesia already exists on an emergency level.

In 2021-2022, the number of cases of alleged data violations has skyrocketed, ranging from data on up to 279 million participants in the government health insurance program, data leaks concerning 1.3 million users of a passenger verification application, SIM card registration data from four operators claimed to amount to 1.3 billion records, data on as many as 2 million customers of insurance companies, and data on up to 17 million customers of state companies in the field of electrical energy, as well as many other alleged data leaks. The sensitive data rumored to have been exposed is generally personal data, including full names, ID cards, phone numbers, emails, financial data, and much more.

Based on the data obtained from the CSIS (Center for Strategic & International Studies) there are a variety of countries in the world that have experienced a critical level of cybersecurity incidents. Hackers once carried out a DDoS attack in order to temporarily remove the website of Taiwan's presidential office. The Taiwanese government attributed the attack to foreign instigators and stated that the website could operate normally after 20 minutes. An attack has also targeted users of Australia's largest Chinese-speaking platform. The hacker in question has made more than 20 million attempts to reset user passwords in the platform's registration system. Regarding another example, a hacker claimed to have obtained a file containing info in regards to 1 billion Chinese citizens from a Shanghai police database and posted the data for sale online.


Broadly speaking, there are four categories of cybersecurity threats.

  • State-sponsored actors
    Target: the entire computer system
    State-sponsored actors carry out attacks on behalf of the state and will generally be sponsored or supported by government entities. The main target is an entire computer system with cyberwarfare/espionage motivations for political, economic, and/or military agendas. These perpetrators are known to play the "long game", where they will use a number of tactics to secretly access systems and networks, then explore those systems for months or years.

  • Cybercriminals
    Target: The company
    Cybercriminals are malicious actors who carry out a number of data breaches and are motivated to receive certain financial benefits from this endeavor. They will attack a variety of specified targets using a variety of techniques ranging from phishing, ransomware, cryptominers, remote access Trojans, exploit kits, social media, data/financial theft, extortion, and blackmail. The goal is to steal personally identifiable information (PII) such as credit card numbers, account credentials, and NIK (Identity Number) and then monetize it on the black market (Dark Web).

  • Hacktivist
    Target: government agencies, companies, and individuals
    Hacktivists’ main targets range from government agencies, companies, to individual targets. They generally carry out attacks for several reasons which are political, social, or economic in nature. Just like other malicious actors, hacktivists will also apply a number of techniques ranging from malware, DDoS attacks, or web page defacement. Through these techniques, they can effectively expose information, effectively cornering the target in question. One example of a hacktivist group is Anonymous.

  • The Lone Wolf
    Target: the company/financial institution and its network
    The Lone Wolf carries out a number of attacks on financial institutions and their networks. The goal is of course to gain financial benefits and gain network access. These types of hackers are difficult to catch because they will generally work individually and operate within the black market (Dark Web). In addition, they also sell malware to other hackers.


Research has revealed that 45% of data breaches occur within the cloud. This happens because of the lack of data protection and increasingly sophisticated exploitation techniques, causing an increase in the amount of data that has been successfully hacked and compromised. In addition, Covid-19 has also made remote working systems increasingly commonly practiced, thus encouraging cyberattacks to occur. This makes cyber security attacks continue to increase during 2020 and 2021, not only in terms of the numbers but also related to the impacts caused.

The SANS Institute has noted that in recent years there have been about 74,000 employees, contractors and suppliers affected by data breaches due to stolen company laptops. This is exacerbated by the fact that the data in it is not properly encrypted. A survey also revealed that in 2020, 26% of ransomware attack victims paid a ransom to get their data back. This number has risen to 32% in 2021.

Of course, cyberattacks affect many parties ranging from companies, institutions, customers, or even employees in the company itself. Perceived losses can include many things ranging from damage and destruction of data, stolen money, loss of productivity, intellectual property theft, theft of personal and financial data, embezzlement, fraud, post-attack disruption of business activities, forensic investigations, data and system recovery, to reputational damage.


Ransomware is a type of malicious cyberattack in which an attacker encrypts an organization's data and demands a ransom payment to restore access. In some cases, attackers can also steal organizational information and request additional payments in exchange for not disclosing information to authorities, competitors, or the public. Regarding these types of ransomware attacks, in ETL 2021 it is known that in 2020 the average ransom requested has more than doubled to $170,000, where previously in 2019 it was around $80,000.

Then regarding the case of data breaches, IBM Security through the IBM Cost of a Data Breach Report 2022 revealed that the total global average cost of data breaches increased to USD 4.35 million in 2022. IBM also revealed that the top 5 industries based on the average cost of a data breach are the healthcare industry in first place ($10.10), followed by industries in the financial sector ($5.97), pharmaceuticals ($5.01), technology ($4.97), and energy ($4.72).

In Indonesia itself, the Financial Services Authority (OJK) once mentioned that there were losses worth IDR 246 billion caused by cyber-attacks on banks in Indonesia in the period from the first semester of 2020 to the first semester of 2021. In the same period, there was a potential loss with a nominal value of Rp 208 billion. Furthermore, based on data from the International Monetary Fund (IMF) 2020, the estimated total average loss experienced by the financial services sector globally due to cyberattacks can reach USD 100 billion, or more than IDR 1,433 trillion. Cybersecurity Ventures has also mentioned that the total estimated cost of damage globally will grow by 15% per year over the next five years and reach $10.5 trillion per year by 2025.

Hackers will generally run a number of attacks such as by locking the system and then asking for a ransom so that the system can be accessed again. In addition, cyberattacks can also occur due to vulnerabilities or loopholes in the software used by the company. With the proliferation of cyberattacks, the need for companies to increase resilience to the systems they use is increasing. Cyber security services are becoming increasingly needed to anticipate the potential risk of attacks amid the digitalization trend carried out by various industrial sectors.


Currently, as many as 74% of companies have more than 1,000 very sensitive data archives, of which 21 percent are not given good and qualified protection. In addition, 41% of companies also have more than 1,000 sensitive files, including credit card numbers and other financial records that are not well protected. Not only that, based on Varonis data, 65% of companies have 500 users who have never changed their passwords.

Based on data obtained from Verizon, the Data Breach Investigations Report (DBIR) 2021 has revealed that as many as 85% of data breach cases involve human instigators. This shows that hackers often take advantage of mistakes made by humans; they realize that humans can be the weakest link in the security system. This is what makes social engineering attacks and miscellaneous errors (such as when employees accidentally compromise the company’s data) the main methods exploited by hackers.

In 2020, adware-type malware also became increasingly present on Android devices. The State of Malware Report 2021 reported 704,418 detections of HiddenAds malware on Android devices, an increase of almost 149%. This malware generally infects the system because users have unknowingly installed legitimate applications bundled with it. The second cause is vulnerabilities in the software or operating system used, which hackers then exploit to plant malware.

In the first quarter of 2021, the volume of cryptojacking infections also reached a record high compared to recent years. Statistics have shown that during the first quarter of 2021, infections increased by 117%.
74% of companies have more than 1,000 sensitive files

21% of all files are not protected in any way

41% of companies have 1,000 sensitive files, including credit card numbers and health records, that are not protected
65% of companies have more than 500 users who have never been asked to change their password
85% of data breach cases involve human error

HiddenAds malware was detected 704,418 times on Android devices (an increase of almost 149%)
Cryptojacking infections increased by 117%
Why Penetration Testing is Crucial for Enhancing Cyber Security in Indonesia?

Penetration testing services, often shortened to the term “pentest”, is a term used when someone performs security testing on a system, application, or network. Penetration testing involves cybersecurity specialists who actively attempt to exploit vulnerabilities in a system or network.

Such activities are carried out to find out whether the system’s security protections have loopholes, so that any holes can be corrected immediately by patching and the security of the system or application being tested becomes impenetrable. In addition to conducting testing, pentest services also document the security level of the system or application under test and report it to the company or customer. Before a penetration test is conducted, there will usually be a contract between the auditor/pentester and the company that wants its application or system tested.

In addition to penetration testing, there are a range of practices and tools that companies can utilize to enhance cybersecurity, including:

Cyber Security Inspection

Cyber Security Inspection refers to the process of examining systems, networks, or software with the goal of identifying vulnerabilities or potential security risks. This is an initial stage that helps pinpoint potential security issues.

Vulnerability Assessment

Vulnerability Assessment involves a more in-depth analysis of discovered vulnerabilities, including an understanding of how these vulnerabilities could be exploited and their impact on the company. The goal of vulnerability assessment is to provide a more comprehensive picture of the risk level a company faces concerning specific vulnerabilities.

Vulnerability Scanner

A Vulnerability Scanner is software that automatically scans systems or networks to discover vulnerabilities that attackers could potentially exploit. Companies can utilize Vulnerability Scanners to scan software, configurations, or infrastructure that may exhibit potential security gaps.

The general targets that penetration testing focuses on include:

  • Mobile apps (iOS & Android), web, and desktop.
  • Services that use an internet connection (website, VPN endpoint, e-mail infrastructure, extranet, and others).
  • Internal systems or services contained in the network (Active Directory, Exchange, etc.).
  • Internal network.
  • Company employees to avoid issues to do with human error.
Why is penetration testing your digital systems necessary?
Penetration tests are performed to identify whether an application, computer system, or network has security weaknesses. If a flaw is found and can be proven by some risk analysis, you will have time to repair the system before an irresponsible party takes advantage of the weakness. With good security systems in place, the company's sensitive data can be protected, which helps the company avoid unnecessary expenses and losses in the future.

What are the advantages of penetration testing your digital infrastructure?
Penetration testing techniques present several key advantages, including:

  • Can be done quickly, resulting in an overall cheap price.
  • The skills required to perform certain penetration testing techniques are relatively lower than those required for testing by source code review.
  • Live testing is performed on the code used (exposed)

"Pentest Web/Application Services and Cyber Security from LOGIQUE"

LOGIQUE provides penetration testing (pentest) services and comprehensive reporting on security vulnerabilities in IT systems, websites, and mobile applications. In providing this service, we focus on assessing and reporting security vulnerabilities in systems, the web, and applications quickly and at an affordable price. Please check the details of this service here.

Learn about LOGIQUE's Penetration Testing Services

Please contact LOGIQUE for more information about Penetration Testing Service