Jakarta. The government should be thanked for their role in improving cybersecurity in Indonesia in the past five years, including during elections, an expert has said.
"I’m seeing really good progress in Indonesian cybersecurity. A few years ago, it wasn't as strong," Fernando Serto, director of security technology and strategy at Akamai APJ said on the sidelines of the Akamai Security Summit in Jakarta at the end of last month.
Serto is an expert in technology, specifically "zero-trust" web security and cybersecurity. He is a familiar face in Indonesia and has been assisting the government and local organizations with his expertise.
Akamai APJ is the world’s largest and most trusted cloud delivery and security platform based in the United States.
Serto said cyber attacks are increasing and constantly evolving, especially bot attacks.
"One type of attack we see growing rapidly in Indonesia is [one by] bots that attack credentials and check-ins. They try to validate accounts, for example in e-commerce websites, to steal gift cards," Serto said in an interview with the Jakarta Globe.
Cyber attackers are becoming more dangerous due to the rapid evolution of their attack methods, easily one-upping security software.
"Five years ago, launching a cyber attack was much more difficult. You’d need to build your own infrastructure. But now there are botnet-machines on the internet that could attack any internet-connected devices. They’re easy to get and you can easily be a target," Serto said.
These bots can be bought and rented easily at internet marketplaces. To counter them, businesses and governments must keep innovating their web security to be a step ahead of the attackers.
"The bad guys always come up with different ways to attack. When we see something new, we look at which countries they come from, and then try to stop them. We have to continue to innovate, create new technology, to stop new types of threat," he said.
According to a report by Akamai APJ, media, publishing and entertainment companies are the most common targets for cyber attackers.
"A lot of work we do with media companies these days is to protect their content management system. You need to make sure that the system is not exposed to the internet without proper protection in place. When you log in, that's usually the gateway for threats to enter," Serto said.
He said ordinary people should also have better knowledge of data security risks. Changing your passwords regularly and not using the same password on multiple platforms should be standard already.
Cybercrime During Elections
Serto said cybercrimes often happen during elections all over the world.
"This is not unique to Indonesia; every time a country holds an election, we see a lot of hacking activity. We've seen it happen during elections in the Philippines and the US," he said.
"We see a lot of hacktivists, people who disagree with the policies of a particular candidate, trying to hack into their official website and put very aggressive messages on it," Serto said.
He said the role of the government is crucial in preventing hacktivists from creating cyber chaos during elections. They should start by creating a security response team, usually called SIRT (Security Incident Response Team).
"Indonesia's cybersecurity agency [BSSN] has been doing a good job in looking after cybersecurity for different organizations in Indonesia. When they get attacked, they get help from the government to find out who does it. We also provide a lot of data to these government agencies," Serto said.
BSSN, an acronym for Badan Siber dan Sandi Negara (National Cyber and Cypher Agency), was established in 2017 and previously known as Lembaga Sandi Negara (National Cypher Agency). The agency reports directly to the president.