Held every month, this time Kopi Chat led an exciting discussion on cybersecurity. With three guests speakers, such as Darryl Chuan, Country Manager of Horangi; Wildan Aliviayarda, from Division Head Security Solution of Indosat Ooredoo; Teddy Tee, Founder of Cashlez, together they answered our participants’ security concerns on data leakage, hacking and most importantly, how to protect our businesses from these cyber threats.
Our moderator opened the discussion with an engaging question,”So how does everyone feel with the recent social media ban by our government?” which was followed by laughter across the room and encouraged everyone to share their opinions on the role of government, small to large businesses on the internet practice we witness today. During the ban, many people switched to use VPN providers, and it raised a question whether we put ourselves at risk of data leakage as majority of VPN providers are not well regulated. The guest speakers answered that as long as we make sure the service provider is from a reliable platform, we would definitely be safe. However, they mentioned that Indonesia still remains as one of the countries that are prone to cyber attacks. Specifically, the country has had more than 200 million cyber attacks in the first 10 months of 2018 alone, as told by Chief of BSSN, according to a research conducted by Ravenry.
Since a lot of businesses nowadays use the internet as the sole medium to market their product and make sales, the need for secure and accessible means of doing activities online is increasing more than ever. Cyberthreat becomes one of the biggest threats that businesses face; especially after businesses received big funds and got a lot of media exposure, they become more prone to the attacks. Along with this, there is a lot of cyber attacks done by internal employees inside a company, including former employees looking for ransoms or revenge. In the case of Indonesia, common cyberattack cases include getting through our passwords and relevant data by providing fake links for us to input our information, in an activity called phishing. Unfortunately, a lot of people have experienced this due to their own carelessness, therefore we have to make sure the link received does not seem suspicious and always make sure to check the sources from where we got the links.
Ravenry also added that it in order to prevent cyber attacks, it is crucial to be aware of the most common types of cybersecurity, such as critical infrastructure security (examples would be police and military security services), application security (this includes antivirus software, secure coding, secure operating systems, secure by default and secure by design), network security (this is usually accomplished through a network penetration test to evaluate the network for vulnerabilities in servers, devices and network services), cloud security (such as firewalls, penetration testing, tokenization, using virtual networks, and avoiding public internet connection) and (Internet of Things) IoT security.
The most important lesson we can take away from this is to build a security-conscious culture in the work environment. Not only should we set proper company policies regarding online security, we need to educate our employees and remind them to be aware at all times, including setting their passwords periodically to lessen the chance of what is called a ‘Brute Force Attack’ into the company servers. Brute Force Attack, is one of the hacking methods used to gain access to a server, by guessing combination of passwords. After realizing this crucial problem, the next step is to consider hiring cybersecurity firms in order to prevent the attacks, or build an in house one; both carry their own pros and cons and should be carefully considered by the company.