Cyber ​​Attack Target To UMKM

kejahatan siber mengincar umkm

Hello Netters, meet again on the NETDATA podcast, this time we will discuss about MSMEs. Some time ago I heard that there were cyber attacks against MSMEs during a pandemic.

Reasons for attackers to attack MSMEs

This has been made in many news articles that SMEs often experience cyber attacks. Maybe we ask why hackers don’t attack big companies, instead attacking MSMEs, which are not companies with small budgets.

This is due to the fact that MSMEs are not too “aware” or wary of their cyber attacks.

This is also experienced by MSMEs with a turnover of 500 million and above, which still allocate too little of their IT budget.

So that in addition to this, list analysis on the impact of business and business continuity has not yet begun to implement Network security.

UMKM Is Still Lack Of Aware Of Cyber ​​Attacks

I’ve found some MSMEs need a firewall to be installed. We know very well that Firewalls are so expensive compared to regular routers that they objected.

And again we are talking about the program licenses they use for operations, such as Office applications, even the Windows Operating System is still not original, aka pirated.

Even if they use a computer for daily operations, moreover, all data on that computer is very vulnerable to data leakage.

Maybe not because they were hacked but more exposed to attacks such as ransomware where their data is held hostage and then lost.

Not only MSMEs, cyber attacks are also targeting large companies

Maybe it’s different from large companies that have implemented good network security and also don’t want company data to leak everywhere.

Even large companies with complete network security still experience data leaks. But the percentage of data leaks or hacked by large companies is much smaller than small companies.

Because usually large companies have used Network security standards such as ISO 2001 and also their staff has been trained to be more aware of cyber threats from a wide range.

Reasons for MSMEs to be Targeted by Cyber ​​Attacks

It is not uncommon today that there are many crimes that occur in cyberspace. Indeed, this is not visible, but materially it is very detrimental. The question also arises why these hackers often attack for various businesses, especially MSMEs. Why do these hackers feel so eager to make losses for MSME actors?

Why MSMEs Become the Target of Cyber ​​Attacks

more and more internet users, cyber attack activities often occur. Because you certainly understand that if there is a good use of technology, there are also those who use it illegally or harm other people.

Especially during the current pandemic, many people ghost online without knowing what to do. Moreover, as in Indonesia today, it is the most internet users in ASEAN.

Secure UMKM Solution

There is much that must be done by MSME actors to secure their online business. The very important point is that the user must be aware of the various activities carried out on the internet and of the data stored on his computer network.

Users must be aware

The attack that often occurs is malware, this is because the originator of the user downloaded the application from a website whose origin is not clear, for example, when downloading a pirated or cracked application, of course we do not know what is in the download file.

There is something that can be done to prevent hardware in MSMEs, is to use third party services that can secure various IT infrastructures that are owned. One of them is PT. NETWORK DATA SYSTEM.

Why should NETDATA?

  1. NETWORK DATA SISTEM can change Capex to Opex. So for example, if the client’s income for MSMEs is not too big, NETDATA can turn it into Opex, so there is no need to spend too much capital from the start.
  2. NETWORK DATA SISTEM can also migrate the cloud for your MSMEs that still use various types of infrastructure that are still not too secure. So NETDATA can handle various types of clouds such as Software as a Service (SaaS), Platform as a Service, and also Infrastructure as a Service.

Continue on to discuss cyberattacks based on media downloads from the internet. Maybe we wonder whether downloading media from the internet can harm the computer.

Maybe we need to know the types of cyber attacks that often attack SMEs first.

Types of Cyber ​​Attacks

  • Email Spam

Usually, these attacks are most often carried out via spam emails that attach links or attachments containing viruses or malware.

In addition, there is also a phishing method, which is a fake login page. Usually the motive used is that you are told to change your Paypal account password or bank account to make it more secure.

In addition to passwords, other data were stolen such as telephone numbers, account numbers, ATM pins and so on.

  • DDOS

There are also DDOS or Distributed Denial of Service attacks that directly attack corporate server networks. This attack applies the law of the jungle, that whichever computer has strong specifications wins.

  • Man In The Middle Attack

There is also the Man In The Middle attack, this method of attack is that there is a second person eavesdropping on your data accessing the internet. So that this second person can intercept the valuable data and harvest the passing data.

However, this MITM attack is rarely found because many applications now encrypt their data so that even if it is stolen by a second person, they will not be able to read it.

MITM Attack Solution

There is an advanced solution to tackle MITM, namely using an encrypted VPN too. My advice is that you use SSL VPN from Fortigate which has proven security.

MSME Solutions Overcome Cyber ​​Attacks

Talking about cyber attacks is certainly something that needs to get awareness for MSME actors. The reason is that many companies that are still pioneering have become targets of cyber attacks. Of course, this is something that really needs to be considered so that nothing happens if you also have an MSME company.

So, what are the solutions to dealing with cyberattacks?

As a technopreneur, there is a need to invest in technology to do security. Maybe now a lot of adopt base on cloud where you don’t need to spend capital at the beginning. You already get income from Opex 9 and you just pay it to the cloud that is tailored to your needs.

This is one of the services of PT. NETWORK DATA SYSTEM which is very profitable. With this service, you really have to keep up with the times and not become an entrepreneur and technopreneur.

Planning also for the future IP Plan, not just planning for the present.

Apart from planning IP in the future, you can also implement multi-factor authentication (MFA). What is meant by multifactor authentication?

So, if you access a resource or any service, you will find a password. By implementing multifactor authentication, there will usually be 3 factors, including:

  • Something you have

Examples for this factor are access cards and also codes sent to personal cellphone numbers.

  • Something you are

Examples for something you are are fingerprints and retina.

  • Something you know

An example of something you know is a username and password.

Preparation For the MFA

If you have discussed the infrastructure of the MFA, now is the preparation for the MFA. There are many kinds that can be done. However, cloud-based ones already have an authenticator.

The easiest example is that you have a username and password authentication in an application but on the VPN side you have another OTP. So, the username and password become foreigners.

Zero Trust

Perimeter-based approaches have long been important for corporate network security, but are no longer relevant for modern applications. Organizations today are embracing better options for controlling access to applications and data with Zero Trust, the security paradigm for the modern digital enterprise.

Zero Trust is based on the idea that the network from which the request originates is a weak indicator of what the applicant should be allowed to do. Companies should not have confidence in the user’s network as a security measure and instead look to authentication and authorization schemes to deter attackers.

Still talking about cyber attacks against MSMEs which will enter the planning stage. So what are the assessments of future plans used to prevent cyber attacks against MSME businesses.

Risk And Vulnerability Assessment

If we have a system, what risks will occur if a cyber attack occurs. Whether it’s losing data, losing company reputation, losing customer trust.

As for vulnerability, how vulnerable is our system to be hacked. For vulnerability, several tests can be done to test for vulnerabilities, for example the Pentest, Vulnerability Assessment (VA) and many more.

After the assessment has been carried out, a score will come out in the form of a score, more precisely the CVSS Score, which assesses the vulnerability of a system.

Backup

Backup is a backup of corporate data to other storage. We must do this regularly if there is a cyber attack or our data is deleted by ransomware so that the data can be recovered.

Storage providers must also be trusted and have high security. Even though we have zero trust, at least we have done our utmost to prevent data loss from occurring.

NETDATA Solutions That Can Prevent Cyber ​​Attacks For MSMEs

Hardware-based firewall

NETDATA provides a variety of Firewall hardware because NETDATA has collaborated with various Firewall vendors.

Managed Service

NETDATA also provides managed service services in the security sector and has also been certified.

Or NETDATA also offers managed device services so customers don’t have to bother configuring their devices anymore.

Device Maintenance

NETDATA provides continuous maintenance of security devices. NETDATA prioritizes aftersales for every product purchased by its customers so that it continues to prioritize customer trust.

Cloud

NETDATA also offers a managed cloud and a reliable resource engineer. And also NETDATA provides on-premise integration with the cloud.

For portfolios that have been handled by NETDATA, it is direct connect, which provides a connection from the cloud into the Firewall, then the Firewall has an IPSec VPN backup.

Wow, it’s also complete, it’s definitely expensive, of course not because the question of price can be asked at sales@nds.id which can be tailored to the needs of your company.

That’s enough for our discussion of cyber attacks against MSMEs that might be a reference for your MSME business. Thank you and hope it is useful.

Leave a Reply

Your email address will not be published. Required fields are marked *

Semua operasional PT. Network Data Sistem akan menggunakan domain nds.id per tanggal 8 Mei 2019. Semua informasi/promosi dalam bentuk apapun selain menggunakan domain nds.id bukan tanggung jawab PT. Network Data Sistem Dismiss