In the current situation during a pandemic, there is increasingly common in online meetings and online shopping. Therefore, communication and information technology provides services for people to communicate without face-to-face to minimize the risk of Covid-19 transmission. However, it is unfortunate recently that millions of user account data have been leaked due to cyber-attacks so that their data risk being misused.
An expert of Information technology from Universitas Gadjah Mada, Ir. Lukito Edi Nugroho, M.Sc., Ph.D., said that digital account holders are necessary for data protection. However, the rise of cyber attacks on online learning applications and e-commerce applications shows the low application's security system. "Mostly, attacks are coming from outside. However, the vulnerability can arise from within," Lukito told reporters on Wednesday (7/22).
According to the lecturer in Electrical Engineering and Information Technology, the UGM Faculty of Engineering can often take place cyber-attacks. Still, if the system is resilient, it will not penetrate. Conversely, systems can collapse if they are attacked because of vulnerable with many security holes when attacked by a minor can collapse. Meanwhile, the vulnerability from within comes from the irresponsible use of accounts that are not protected properly. Therefore, people can be hijacked and used to break into it from the inside.
He explained that the leaked account data is often for sale or even just a show-off moment of ability. "It perhaps can be both. If the data has economic value, for instance, personal data, credit card data, can be traded," he explained.
The data account is leaked and then misused so that it can interfere with privacy. Since the leaked data account can be used to gain financial benefits illegally and harm the owner of the data, also, this data account can be known from other people who know the personal contact number while offering the product. "It can be in the form of a sudden moment; there is a phone call came from a stranger, offering this and that product—phone spam. A more serious case, with some additional data such as NIP, home address, biological mother's name," he said.
According to him, to reduce the impact of this cyberattack, we need to be careful in conveying all data in registering an account. If we don't trust the application, don't use it," he said.
For educational institutions that carry out online teaching and learning activities, the account owner and activity manager must protect the account so that it does not leak and be misused. "Students as users must be responsible for securing the accounts, applications and data used. Institutions are responsible for infrastructure, including computer networks, servers and database systems," he said.
Regarding the data protection and security rules that are still minimal in Indonesia, Lukito proposes that there should be strict rules and stricter law enforcement so that they can protect data owners. "It is necessary, but what is needed the most is law enforcement," he concluded.
Author: Gusti Grehenson
Photo: Cyber Attack.msn.com
Translator: Natasa A