Phishing and Social Engineering Remain the Main Entry Points for Digital Crime
TANGERANG - Even as banking security systems become increasingly layered, digital crime still finds openings through the human factor. Phishing and social engineering are said to remain the most common ways for perpetrators to steal data and gain access to banking systems.
Ferdinan Marlim, IT Security Supervisor at PT Bank Central Asia Tbk (BCA), said that these attacks, which rely on psychological manipulation, exploit lapses by users, both customers and employees, to steal data, even when the technology infrastructure has been designed to a high security standard.
"Phishing and social engineering are very common. For companies, many phishing attacks come through email because it is the easiest way to get in," said Ferdinan in the discussion session "Avoiding Phishing, Accessing KBB Business and BCA Services Safely" at the BCA Expoversary Mini Studio, ICE BSD, Tangerang, as reported on Sunday, February 8.
Ferdinan explained that many global-scale data breaches began with perpetrators successfully manipulating victims into handing over sensitive information such as user IDs and passwords.
"Many of last year's global data breach cases started with social engineering: staff were successfully asked for their credentials, such as user IDs and passwords, which were then used to log into the system," he said.
According to Ferdinan, on the technology side a bank's systems are not easily penetrated. Humans, however, are often the weakest link in the digital security chain.
"From the company's side, the system is actually not easy to penetrate. The easiest way in is through phishing and social engineering," he said.
Beyond data theft, cyber attacks can also directly disrupt the continuity of transaction services. One example is the Distributed Denial of Service (DDoS) attack, which floods a system with traffic so that its capacity is consumed and legitimate requests can no longer be served.
"The goal of DDoS is to keep our system busy so that it cannot serve transactions," said Ferdinan.
According to Ferdinan, to anticipate these threats BCA applies a security strategy built on three main pillars: people, process, and technology.
Even so, Ferdinan believes that advanced technology alone is not enough unless it is matched by the readiness and awareness of the bank's human resources (HR).
"It's not just about installing technology if the people are not capable and not aware," he said.
Ferdinan said that security awareness is raised continuously through education and fraud simulations, including internal phishing tests to measure employees' level of alertness.
"We run phishing tests and see how many click and how many enter data. This is to make sure employees are really aware and do not carelessly enter their credentials," said Ferdinan.
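The two numbers Ferdinan mentions, how many click and how many enter data, are the usual output of an internal phishing simulation. The script below is an added example of how such a campaign is scored from its event log; it is not BCA's tooling, and the event format, user names and departments are constructed for illustration. It goes a little beyond the quote by also counting how many people reported the mail and how quickly the first report arrived, because a rising report rate is the positive signal such programs track, and by counting unique users per stage so that one person clicking twice does not inflate the rate.

```python
"""Phishing-simulation scorecard: click, credential-entry and report rates
computed from campaign events. Added example; the log format, departments and
names are assumptions, not the bank's real data or tooling."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample events from one simulated campaign (not real data).
# Format per line: ISO timestamp, user, department, stage, where stage is
# one of sent | opened | clicked | submitted | reported.
SAMPLE_EVENTS = """\
2025-02-03T08:00:00 alice finance sent
2025-02-03T08:00:00 bob finance sent
2025-02-03T08:00:00 carol ops sent
2025-02-03T08:00:00 dave ops sent
2025-02-03T08:00:00 erin it sent
2025-02-03T08:05:10 alice finance opened
2025-02-03T08:06:42 alice finance clicked
2025-02-03T08:07:05 alice finance clicked
2025-02-03T08:07:30 alice finance submitted
2025-02-03T08:09:00 bob finance opened
2025-02-03T08:09:40 bob finance reported
2025-02-03T08:12:00 carol ops opened
2025-02-03T08:13:00 carol ops clicked
2025-02-03T08:20:00 dave ops opened
2025-02-03T08:21:00 erin it reported
"""

STAGES = ("sent", "opened", "clicked", "submitted", "reported")


@dataclass
class Event:
    ts: datetime
    user: str
    dept: str
    stage: str


def parse_events(text):
    """Parse the whitespace-separated log into Event records, rejecting unknown stages."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dept, stage = line.split()
        if stage not in STAGES:
            raise ValueError(f"unknown stage {stage!r}")
        events.append(Event(datetime.fromisoformat(ts), user, dept, stage))
    return events


def scorecard(events):
    """Return (rates per department plus an 'all' total, minutes to first report).

    Rates are over unique users, so repeated clicks by one person count once.
    'submit_rate' is the credential-entry figure; 'needs_training' lists who
    submitted so they can be followed up individually."""
    users_by_stage = defaultdict(lambda: defaultdict(set))  # dept -> stage -> users
    first_sent = first_report = None
    for ev in events:
        for key in (ev.dept, "all"):
            users_by_stage[key][ev.stage].add(ev.user)
        if ev.stage == "sent":
            first_sent = ev.ts if first_sent is None else min(first_sent, ev.ts)
        elif ev.stage == "reported":
            first_report = ev.ts if first_report is None else min(first_report, ev.ts)

    result = {}
    for dept, stages in users_by_stage.items():
        sent = len(stages["sent"])
        if sent == 0:  # events for a group that was never targeted: nothing to rate
            continue
        result[dept] = {
            "sent": sent,
            "click_rate": len(stages["clicked"]) / sent,
            "submit_rate": len(stages["submitted"]) / sent,
            "report_rate": len(stages["reported"]) / sent,
            "needs_training": sorted(stages["submitted"]),
        }
    minutes_to_first_report = None
    if first_sent is not None and first_report is not None:
        minutes_to_first_report = (first_report - first_sent).total_seconds() / 60
    return result, minutes_to_first_report


if __name__ == "__main__":
    rates, ttr = scorecard(parse_events(SAMPLE_EVENTS))
    for dept, r in sorted(rates.items()):
        print(f"{dept:8} sent={r['sent']} click={r['click_rate']:.0%} "
              f"submit={r['submit_rate']:.0%} report={r['report_rate']:.0%} "
              f"follow-up={r['needs_training']}")
    print(f"first report after {ttr:.1f} minutes" if ttr is not None else "no reports")
```

The per-department split is what makes the numbers actionable: a 50 percent credential-entry rate in one team and zero in another says more than a single company-wide figure, and the follow-up list goes to targeted training rather than another all-hands reminder.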
According to Ferdinan, this effort is all the more crucial given the dominance of digital transactions at BCA. By the company's records, almost all transaction activity has moved to digital channels.
"By frequency, 99.8 percent of BCA transactions are already done digitally," he said.