Forms of cyberthreats
There are several cyberthreats that corporations need to watch out for. These include APT (Advanced Persistent Threat), namely cyber-attacks that involve continuous and meticulous efforts to expose and damage corporate systems where the perpetrators often try to remain hidden in the network for long periods of time and access vital information covertly. This kind of cyberattack is usually carried out by state actors or funded by certain countries. One such example is the APT-29 attack which the US and its allies blamed on Russia.
There is also the malware attack, one that involves sending malicious software to corporate systems with the aim of damaging or accessing sensitive data. These may be in the form of computer viruses, worms, trojans, ransomware and spyware. Malware has become a scourge of the global community, because more than 30 percent of cyberattacks are caused by it.
In addition, there is supply chain attack, a type of cyberattack that occurs when attackers exploit weaknesses or security gaps in the supply chain of software or hardware used by an organization. Here, the attacker does not directly attack the main target but instead takes advantage of trust from third parties or vendors involved in the supply chain to deliver software or hardware infected with malware or other malicious code.
Other threats include phishing, where a hacker tries to obtain confidential information such as passwords, credit card numbers or personal data by masquerading as trusted entities. They then send fake emails or messages that appear genuine, so that users will be lured to voluntarily provide their sensitive information.
Next is DDoS (Distributed Denial-of-Service) attacks that aim to make corporate network resources unavailable to legitimate users, by flooding servers or networks with very large data traffic. There is also Man-in-the-Middle (MITM) attacks which involves a third party intervening in communications between two interacting parties, with the aim of monitoring or modifying data sent between them without their knowledge.
In Vulnerability Exploitation Attacks, perpetrators seek and exploit security vulnerabilities in corporate systems or software to gain unauthorized access or destroy data. Social Engineering attacks involve psychological manipulation of individuals in organizations to gain unauthorized access or confidential information by impersonating, wooing or exploiting people’s trust. Last but not least, the Insider Threat Attack which originates from within the organization, which can include ill-intentioned employees with access and expertise, who seek to cause harm to their workplace; or employees who accidentally reveal confidential information.
Actions on the part of the public
The public should be more alert of the risk of potential cyberattacks. If they fall victim to it, they should remain calm and not be provoked. The are advised to always follow the latest news on trusted information channels to get actual and valid information.
Read: Indonesia’s Illegal Nickel Export A Natural Resources Curse?
To avoid becoming a victim to cyberattacks, one should only install applications from official sources such as the Google Play Store or Apple App Store, regularly update their operating system and applications with the latest security patches, install top-rated security software, not open suspicious links or email attachments sent by unknown senders asking them to perform unusual actions or make copies of important data and keep them in a separate place.
The public also needs to increase its awareness of cyberthreats and how to identify them, for example, avoid visiting suspicious websites, especially those containing illegal or dangerous content, use strong and unique passwords for online accounts and two-factor authentication whenever possible, periodically change passwords and not carelessly connect personal devices, to free WiFi or free charging stations. (Dr. Pratama Dahlian Persadha, S.Sos., M.M)