The use of the internet is now increasingly widespread in society with the various conveniences it offers, such as spreading access to information through news, communicating through various applications, online shopping, and access to banking products.
For this reason, banking institutions and the customers who use their products need an understanding of cyber security to avoid the various forms of cybercrime that exist on the internet today, ranging from personal data leaks to system abuse and other modes of online crime.
What is Cyber Security
Cyber security is an effort made to protect computer systems from various threats or illegal access to minimize the entry of threats into computer systems. Cyber security itself includes tools, policies, and concepts that can be used to protect organizational and user assets.
In the context of banking, OJK defines cyber security as a condition in which confidentiality, integrity, and availability of information and/or information systems that are connected to each other through cyber media are maintained against cyber-attacks.
Important Aspects of Cyber Security
There are three important points in cyber security practice, known as the CIA Triad: confidentiality, integrity, and availability. The CIA Triad is a security model developed to help people understand the various aspects of information technology security, and it is the main concept of cyber security.
- Confidentiality
Confidentiality is an organization's effort to ensure data is kept confidential. For example, in a bank, not all employees need access to customers' personal data, because not all of them are directly involved with customer needs. Limiting access in this way keeps customer data protected.
- Integrity
Integrity ensures that the data displayed is genuine, accurate, consistent, and reliable for a certain period. For example, a bank's website must display transparent information regarding profile data for the composition of commissioners, directors, or banking services. If the information presented is not genuine, accurate, and reliable, you or other users who visit the website may feel that the bank is less reliable.
Errors in the integrity of information can occur intentionally, such as when a cyber-attack enters a banking website or application, and accidentally due to human error, such as an error in entering information or website/application code.
- Availability
Availability means that data is available as it should be, when it should be. It also covers mitigation of unexpected events: for example, if there is a power outage or natural disaster, how can the system still provide reliable information?
Conversely, if there are no mitigating measures against the availability of reliable information in a force majeure situation like the one above, the information you or other users need may be disrupted. Conditions like this are also prone to information sabotage through denial-of-service (DoS) or ransomware attacks.
To ensure the availability of information in the conditions above, various supporting things such as hardware, software, network, and security equipment are needed, which must be maintained and their performance improved. This ensures uninterrupted function and data access so that communication is constantly available between components through sufficient bandwidth.
Forms of Cybercrime Threats
There are 5 forms of cyber threat that you need to know:
- Malware
Malware (malicious software) is one of the most common cyber threats. It is created to interfere with and damage computers, and comes in several types, such as viruses, trojans, spyware, ransomware, and botnets.
- SQL injection
SQL injection is an attack in which malicious code is embedded in a string that is then passed to the SQL Server instance for parsing and execution. It works by inserting code directly into user input variables, which are combined with SQL commands and executed, in order to take control and steal data from the data center.
- Phishing
Phishing is a digital crime that lures someone into revealing personal information through fake messages that appear important, sent by e-mail, websites, social media, or other electronic communications.
There are three types of data that are targeted by phishing, namely personal data (name, age, address, telephone number), account data (usernames and passwords), and financial data (credit card or bank account information).
- Man-in-the-Middle
Man-in-the-Middle attacks are threats in the form of intercepting communications between two individuals who believe they are communicating with each other so that the perpetrator can steal data or information from the conversation.
- Denial-of-Service
Denial-of-service is an attack on a system on the internet that consumes the system's resources so that its functions cannot work properly, which indirectly prevents other users from gaining access to the services of the system being attacked.
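The SQL injection mechanism described above, shown as an added example that is not part of the original article: the same customer lookup built by string concatenation and with a bound parameter. It uses Python's built-in sqlite3 module in place of a real banking database; the table, function names and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table standing in for customer records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT PRIMARY KEY, account_no TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "1000-01"), ("budi", "1000-02"), ("citra", "1000-03")],
    )
    return db

def lookup_concatenated(db, username):
    # Weak form: the input is pasted into the SQL text, so any quote
    # characters in it are parsed as part of the SQL command itself.
    query = ("SELECT username, account_no FROM customers "
             "WHERE username = '" + username + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Corrected form: the ? placeholder binds the input as a value.
    # The database never parses it as SQL, whatever characters it contains.
    query = "SELECT username, account_no FROM customers WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    """Return (rows from weak form, rows from corrected form); None marks a SQL error."""
    try:
        weak = lookup_concatenated(db, username)
    except sqlite3.OperationalError:
        weak = None  # the input broke the statement's syntax
    return weak, lookup_parameterized(db, username)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing a quote,
    # and a string that changes the meaning of the WHERE clause.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        weak, safe = compare(db, value)
        print(f"{value!r}: concatenated={weak} parameterized={safe}")
```

With the concatenated query, the third input returns every customer row and the second breaks the statement; the parameterized query treats both as ordinary names that match nothing.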
That concludes this discussion of cyber security, which you can use to avoid various cybercrimes. You can also read other safe transaction tips on the Bank MAS website.