JAKARTA, KOMPAS — Cyber attacks in Indonesia will keep increasing; the growing number of Internet users will be the target of these attacks; hacking skills will also grow. Thus, vital objects and corporations need to setup cyber security teams.
Bina Nusantara University Head of Cyber Security Program Aditya Kurniawan, on Tuesday (6/6) in Jakarta, warned the public of the increasing quantity and quality of future cyber attacks, and that the management of vital objects and corporations needed to setup cyber security in their information technology divisions.
Aditya predicted that the future threat would still be economically motivated. Hacking in Indonesia would increase because hackers want money. Hacking fueled by such a motivation will only increase, because hacking techniques are easy to learn and many people are willing to learn these techniques.
“The cases that have come to light recently were only a small portion. The total volume of hacking cases is large, but corporations concealed them to maintain their image,” he said.
He also warned of an increase in cyber attacks against personal accounts and home networks.
IoT threat
Other threats could emerge if all home appliances, such air conditioners, televisions and automobiles, are connected to the Internet in this Internet of Things (IoT) era. More people will try their hand at hacking but with different motivations, beginning with hacking for fun, to voyeurism, and for financial gain. IoT connectivity could be harmful if the security system is weak.
“If the IoT connects all home appliances, the threat will grow because many hackers are watching. So corporations and government offices need to setup a cyber security division. At the very least, these teamsneed to start raising awareness internally, among employees, so that they can safeguard the system,” he said.
The problem is that the demand of human resources in cyber security is growing along with the growing number of hackers, but the supply remains low.
“The availability of cyber security human resources is limited. Some companies only build the system, but they rarely check and manage its security,” said Aditya.
Companies also tend to allocate small funds for that purpose. And there are companies that can’t be bothered and simply outsource the security.
The chairman of Tax, Infrastructure and Cyber Security at the Indonesian E-commerce Association (idEA), Bima Laga, said the human resource supply in information technology, particularly in e-commerce security, was insufficient to meet current demand.
“There aren’t enough [cyber security professionals], but we are seeing an increase in the number of graduates, especially in the field of cyber security. That gives hope to entrepreneurs,” he said.
Bima, who is also Chief Financial Officer with PriceArea.com, said his company employs only one person in the cyber security division.
“The rest are temps from a cyber security company or are outsourced,” he said.
Multidimensional attack
PT Digital Forensic Indonesia (DFI) Digital Forensic chief Ruby Alamsyah said cyber attacks should not be handled only by the government.
Moreover, since the cyber attack trend had become multidimensional, the approach should involve many stakeholders.
“The capabilities of practitioners must be broader and the focus on managing cyber security networks. So far, human resource capabilities at government institutions are mostly related to making regulations,” Ruby said.
The government issued Presidential Regulation No. 35/2017 on Cyber and State Encryption Agency on May 19. This agency consists of several institutions, one of which is the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIR-TII).
Ruby said the ID-SIR-TII’s performance is not yet optimal. The activities of ID-SIRTII had deviated from the initial plans at its establishment.
Not only IT
Ruby added that the future design of cyber security networks must not only rely on the role of IT professionals.
Instead, private companies and government institutions should design a cyber security system that involves the responsibility of all divisions.
Symantec Indonesia Country Manager Andris Masengi said management must reassess its pillars of security, specifically the human, procedural and technology pillars.
In connection with technology, management must have an integrated cyber security system, namely data that can be shared among individuals, departments and companies.
(MED/MAR)