BSSN Answers Data Breach Snub; Asserts 'Security is a Process'

TEMPO.CO, Jakarta - The National Cyber and Encryption Agency (BSSN) responded to allegations that suggests the agency had failed to follow the established standard for data security, which has allegedly led to a series of data breaches. The most recent case is the alleged breach by a hacker proclaiming itself as Bjorka. 

BSSN spokesperson Ariandi Putra insisted that “Security is a process. This means that securing data in the digital realm is a constant disciplined process,” said Putra to Tempo on Monday, September 12, 2022.

Based on BSSN data, Putra said, it was known that the main culprit behind the data breaches was Web Application Vulnerability and Phishing. "Web Application Vulnerability is a vulnerability caused by a misconfiguration on the web, causing sensitive data to be publicly accessible," said Ariandi.

Ariandi explained that phishing is a cyber attack technique that targets human weaknesses by tricking the victim to obtain sensitive information such as name, date of birth, age, home address, username, and passwords.

Previously, a cybersecurity and digital forensics expert from Vaksincom, Alfons Tanujaya, assessed that the number of leaks in Indonesia was due to not following data security standards with discipline.

In terms of the standards, he mentioned, there is the ISO 27001, ISO 27701, and the National Institute of Standards and Technology (NIST) Cybersecurity Framework. 

"[The current government] is undisciplined in running it [under these standards]," he added in a text message to Tempo on Sunday, September 11, 2022. 

MOH KHORY ALFARIZI

Click here to get the latest news updates from Tempo in Google News