Hello Netters, meet again on the NETDATA podcast, this time we will discuss about MSMEs. Some time ago I heard that there were cyber attacks against MSMEs during a pandemic.
Table of Contents
Reasons for attackers to attack MSMEs
This has been made in many news articles that SMEs often experience cyber attacks. Maybe we ask why hackers don’t attack big companies, instead attacking MSMEs, which are not companies with small budgets.
This is due to the fact that MSMEs are not too “aware” or wary of their cyber attacks.
This is also experienced by MSMEs with a turnover of 500 million and above, which still allocate too little of their IT budget.
So that in addition to this, list analysis on the impact of business and business continuity has not yet begun to implement Network security.
UMKM Is Still Lack Of Aware Of Cyber Attacks
I’ve found some MSMEs need a firewall to be installed. We know very well that Firewalls are so expensive compared to regular routers that they objected.
And again we are talking about the program licenses they use for operations, such as Office applications, even the Windows Operating System is still not original, aka pirated.
Even if they use a computer for daily operations, moreover, all data on that computer is very vulnerable to data leakage.
Maybe not because they were hacked but more exposed to attacks such as ransomware where their data is held hostage and then lost.
Not only MSMEs, cyber attacks are also targeting large companies
Maybe it’s different from large companies that have implemented good network security and also don’t want company data to leak everywhere.
Even large companies with complete network security still experience data leaks. But the percentage of data leaks or hacked by large companies is much smaller than small companies.
Because usually large companies have used Network security standards such as ISO 2001 and also their staff has been trained to be more aware of cyber threats from a wide range.
Reasons for MSMEs to be Targeted by Cyber Attacks
It is not uncommon today that there are many crimes that occur in cyberspace. Indeed, this is not visible, but materially it is very detrimental. The question also arises why these hackers often attack for various businesses, especially MSMEs. Why do these hackers feel so eager to make losses for MSME actors?
Why MSMEs Become the Target of Cyber Attacks
more and more internet users, cyber attack activities often occur. Because you certainly understand that if there is a good use of technology, there are also those who use it illegally or harm other people.
Especially during the current pandemic, many people ghost online without knowing what to do. Moreover, as in Indonesia today, it is the most internet users in ASEAN.
Secure UMKM Solution
There is much that must be done by MSME actors to secure their online business. The very important point is that the user must be aware of the various activities carried out on the internet and of the data stored on his computer network.
Users must be aware
The attack that often occurs is malware, this is because the originator of the user downloaded the application from a website whose origin is not clear, for example, when downloading a pirated or cracked application, of course we do not know what is in the download file.
There is something that can be done to prevent hardware in MSMEs, is to use third party services that can secure various IT infrastructures that are owned. One of them is PT. NETWORK DATA SYSTEM.
Why should NETDATA?
- NETWORK DATA SISTEM can change Capex to Opex. So for example, if the client’s income for MSMEs is not too big, NETDATA can turn it into Opex, so there is no need to spend too much capital from the start.
- NETWORK DATA SISTEM can also migrate the cloud for your MSMEs that still use various types of infrastructure that are still not too secure. So NETDATA can handle various types of clouds such as Software as a Service (SaaS), Platform as a Service, and also Infrastructure as a Service.
Continue on to discuss cyberattacks based on media downloads from the internet. Maybe we wonder whether downloading media from the internet can harm the computer.
Maybe we need to know the types of cyber attacks that often attack SMEs first.
Types of Cyber Attacks
- Email Spam
Usually, these attacks are most often carried out via spam emails that attach links or attachments containing viruses or malware.
In addition, there is also a phishing method, which is a fake login page. Usually the motive used is that you are told to change your Paypal account password or bank account to make it more secure.
In addition to passwords, other data were stolen such as telephone numbers, account numbers, ATM pins and so on.
- DDOS
There are also DDOS or Distributed Denial of Service attacks that directly attack corporate server networks. This attack applies the law of the jungle, that whichever computer has strong specifications wins.
- Man In The Middle Attack
There is also the Man In The Middle attack, this method of attack is that there is a second person eavesdropping on your data accessing the internet. So that this second person can intercept the valuable data and harvest the passing data.
However, this MITM attack is rarely found because many applications now encrypt their data so that even if it is stolen by a second person, they will not be able to read it.
MITM Attack Solution
There is an advanced solution to tackle MITM, namely using an encrypted VPN too. My advice is that you use SSL VPN from Fortigate which has proven security.
MSME Solutions Overcome Cyber Attacks
Talking about cyber attacks is certainly something that needs to get awareness for MSME actors. The reason is that many companies that are still pioneering have become targets of cyber attacks. Of course, this is something that really needs to be considered so that nothing happens if you also have an MSME company.
So, what are the solutions to dealing with cyberattacks?
As a technopreneur, there is a need to invest in technology to do security. Maybe now a lot of adopt base on cloud where you don’t need to spend capital at the beginning. You already get income from Opex 9 and you just pay it to the cloud that is tailored to your needs.
This is one of the services of PT. NETWORK DATA SYSTEM which is very profitable. With this service, you really have to keep up with the times and not become an entrepreneur and technopreneur.
Planning also for the future IP Plan, not just planning for the present.
Apart from planning IP in the future, you can also implement multi-factor authentication (MFA). What is meant by multifactor authentication?
So, if you access a resource or any service, you will find a password. By implementing multifactor authentication, there will usually be 3 factors, including:
- Something you have
Examples for this factor are access cards and also codes sent to personal cellphone numbers.
- Something you are
Examples for something you are are fingerprints and retina.
- Something you know
An example of something you know is a username and password.
Preparation For the MFA
If you have discussed the infrastructure of the MFA, now is the preparation for the MFA. There are many kinds that can be done. However, cloud-based ones already have an authenticator.
The easiest example is that you have a username and password authentication in an application but on the VPN side you have another OTP. So, the username and password become foreigners.
Zero Trust
Perimeter-based approaches have long been important for corporate network security, but are no longer relevant for modern applications. Organizations today are embracing better options for controlling access to applications and data with Zero Trust, the security paradigm for the modern digital enterprise.
Zero Trust is based on the idea that the network from which the request originates is a weak indicator of what the applicant should be allowed to do. Companies should not have confidence in the user’s network as a security measure and instead look to authentication and authorization schemes to deter attackers.
Still talking about cyber attacks against MSMEs which will enter the planning stage. So what are the assessments of future plans used to prevent cyber attacks against MSME businesses.
Risk And Vulnerability Assessment
If we have a system, what risks will occur if a cyber attack occurs. Whether it’s losing data, losing company reputation, losing customer trust.
As for vulnerability, how vulnerable is our system to be hacked. For vulnerability, several tests can be done to test for vulnerabilities, for example the Pentest, Vulnerability Assessment (VA) and many more.
After the assessment has been carried out, a score will come out in the form of a score, more precisely the CVSS Score, which assesses the vulnerability of a system.
Backup
Backup is a backup of corporate data to other storage. We must do this regularly if there is a cyber attack or our data is deleted by ransomware so that the data can be recovered.
Storage providers must also be trusted and have high security. Even though we have zero trust, at least we have done our utmost to prevent data loss from occurring.
NETDATA Solutions That Can Prevent Cyber Attacks For MSMEs
Hardware-based firewall
NETDATA provides a variety of Firewall hardware because NETDATA has collaborated with various Firewall vendors.
Managed Service
NETDATA also provides managed service services in the security sector and has also been certified.
Or NETDATA also offers managed device services so customers don’t have to bother configuring their devices anymore.
Device Maintenance
NETDATA provides continuous maintenance of security devices. NETDATA prioritizes aftersales for every product purchased by its customers so that it continues to prioritize customer trust.
Cloud
NETDATA also offers a managed cloud and a reliable resource engineer. And also NETDATA provides on-premise integration with the cloud.
For portfolios that have been handled by NETDATA, it is direct connect, which provides a connection from the cloud into the Firewall, then the Firewall has an IPSec VPN backup.
Wow, it’s also complete, it’s definitely expensive, of course not because the question of price can be asked at sales@nds.id which can be tailored to the needs of your company.
That’s enough for our discussion of cyber attacks against MSMEs that might be a reference for your MSME business. Thank you and hope it is useful.
