Hackers Are ‘Hunting’ Targeting Companies, What Should Be Done?

Morrissey Technology – Companies across sectors are still the target of hacking with the motive of extortion or ransomware. Instead of spending a lot of money after being hacked, consider more effective ways to prevent it. Kaspersky, a cybersecurity company, notes that the mode that mostly targets government organizations and companies is extortion or ransomware.

From 2022 to 2023, the number of targeted ransomware groups on a global scale increases by 30 percent. Likewise, the number of victims of targeted ransomware attacks increased by 70 percent in the same time period.

Maher Yamout, Senior Security Researcher at Kaspersky, said the group was “very persistent and has a great desire” to extort. If victims refuse to pay the ransom, cybercriminals often threaten to publish the stolen data.

After the leak, they then filed a lawsuit regarding personal data protection. The route for data theft is mainly through phishing or deception methods to obtain real usernames and passwords. The form is to spread links so that potential victims can click on them.

In 2023, Kaspersky anti-phishing technology detected 455,708 phishing attempts targeting companies of all sizes in Southeast Asia. Kaspersky said these phishing links were spread across various communication channels, including email, fake websites, chat applications and social media.

“Phishing is a trusted technique for cybercriminals to infiltrate business networks due to its success rate,” Yeo Siang Tiong, General Manager Southeast Asia at Kaspersky.

“The emergence of generative AI helps cybercriminals make phishing messages or fraudulent resources more convincing. As a result, it has become difficult for people to differentiate between fraudulent and legitimate communications,” he continued.

Kaspersky recorded that Indonesia was in the top three for phishing financial sectors in Southeast Asia with 97,465 incidents. Topping the standings were the Philippines with 163,279 attempts, with runner-up Malaysia 124,105 attempts.

Various handling methods are recommended, from installing security solutions, cybersecurity budgeting, to regular training. However, said Kaspersky, various studies reveal that 46 percent to 77 percent of cyber incidents are related to human factors, ranging from non-compliance with policies, malicious insider factors, to a lack of IT transparency in contractors.

What the company must do

Budi Setiawan from the British Standard Institution (BSI), the ISO standards certification organization, said companies have so far taken more action after being attacked.

“76 percent of companies allocate [cybersecurity] budgets after an incident occurs,” he said, at the event of awarding ISO 27001:2022 to Polytron.

In fact, he said, it is much more effective if you do it before an incident occurs, aka through prevention. This is also covered in the ISO 27001:2022 standardization regarding information security system management.

“The advantage of this ISO is that it emphasizes preventive risk management measures. Prevention is better than cure, so it doesn’t leak,” he said.

Budi continued, in the certification process, ISO FOR4D also provides a number of awareness to HR, whether in the form of protecting passwords to emails. According to the official website, ISO/IEC 27001 helps organizations become risk aware and proactively identify and overcome cyber weaknesses.

ISO/IEC 27001 also promotes a holistic approach to information security: examining people, policies, and technology. In the same place, Polytron Chief Commercial Officer Tekno Wibowo said that data protection is everyone’s obligation. However, as a company, which holds a lot of consumer data, the responsibility for protection is great, especially after the PDP Law came into force.

“As a responsible company, we have to ensure that we have procedures, data security is guaranteed. So that even if there is a leak or attack, the data won’t come from us,” he explained.

“With ISO 27001, we are more confident that our consumer data will be better protected.”

Regarding its effect on company profits, Tekno said that ISO plays a more important role in terms of consumer trust.

“Consumers are increasingly confident in choosing Polytron in terms of protecting their data,” he stressed.