Bank Indonesia Data Theft Should Not Be Repeated, Personal Data Protection Bill Must Be Ratified Immediately

Hacker Illustration/Photo: Antara

JAKARTA - The leak of Bank Indonesia (BI) data can be considered as strong pressure for the Government and policymakers to immediately make the Personal Data Protection Bill (RUU) legalized.

This is because apart from this being the third data leak in early 2022, in the future, the potential for data leaks and breaches may be even greater considering that the digital space continues to grow.

"The government must work hard to make regulations that can support so that there is seriousness from data managers in carrying out data protection which is their responsibility. So don't just want to benefit from managing the data, but also be responsible for the data it manages," said Alfons Tanujaya, Cyber Security Expert from Vaccines, in a written statement on Monday, January 24.

He saw that the presence of special regulations for the protection of personal data can provide protection that has a strong binding force so that data protection is no longer underestimated by data management service providers in the country.

The service providers in data management will certainly be able to show commitment and work harder if there are legal consequences that cannot be avoided.

In the case of the BI data leak, which was confirmed directly through its official statement, the data leak was explained to have occurred only in one of its branches, namely Bengkulu, with leaks in 16 computers.

Although the leak seemed small for the size of the national service, Alfons explained that there were actually some other data that was finally revealed by the data hacker, namely Conti Ransomware.

Conti Ransomware at least stores other data from 200 computers with a total of 52,767 documents of 74.82 GB and is thought to have come from 20 other cities.

Although Bank Indonesia and public banks did not directly accept the consequences of financial losses, from this data leakage problem.

However, big losses can occur because other parties who have no interest in the data can check other confidential matters and can map the strength of the banking sector in the area where the data was compromised.

One of the leaked confidential matters regarding Bank Indonesia data leakage is the circulation of banknotes in each city.

Other data leaks in terms of population, all KTP data, NPWP, to account numbers are also part of this case.

Of course, this population data is very important because it does not only involve financial problems but all the ins and outs of your family can be known easily.

Alfons also suggested that policymakers should be more open in dealing with the problem of data leakage so that the public can prepare and take other preventive measures regarding data leaks.

“In terms of data leakage, it is actually not productive and there is no benefit in finding out who was at fault and giving punishment because it will not cancel the data that has been leaked and does not guarantee that the same thing will not happen again. However, transparency in providing information on leaked data will help owners of related data whose data was leaked so that they can anticipate and not become victims of exploitation of the leaked data," said Alfons.

Prevention

Of course, no one wants their data to be exposed on a large scale, especially in the digital space, especially when the leak turns out to be not from oneself but other parties.

From a regulatory perspective, the prevention of the existence of the PDP Law is highly anticipated and is expected to be the answer and solution to the problem of data leakage which so far has not been properly considered.

The discussion on the PDP Bill itself is currently still in the discussion stage between the Ministry of Communications and Informatics and the Indonesian House of Representatives.

In recent times, both the Ministry of Communications and Informatics and the Indonesian House of Representatives have both answered that the bill is just one step away from being ratified.

However, it seems that it will take a longer time for the draft to become a regulation after being discussed by stakeholders in the last two years.

Hopefully, in 2022 the PDP Bill can soon be passed into law and protect data owners in Indonesia.

Of course, layered security is also the answer for service managers based on community data so that the potential for data leakage is minimized.

Then in the midst of the current onslaught of data leakage threats, namely the presence of ransomware and extortionware, there must be extra protection owned by data owners to ensure that their data, especially in the digital space, can be more secure.

Ransomware and Extortionware are both modes of data theft that lead to extortion of money against the owner of the data.

In this type of ransomware, data owners in the digital space must at least have an antivirus with NGAV technology such as Webroot so that technological devices are protected from malware.

Alfons also suggests that users can use their services such as VaccinesProtect so that their data can be more protected.

However, to deal with extortionware, anti-ransomware protection will not be effective because even if the data owner manages to take back all the data and systems encrypted by the ransomware, the data has been downloaded and will still be distributed to the public if the data owner does not pay the requested ransom.

Of course, this threat is becoming more dangerous and must be handled more seriously.

Therefore, the solution to the extortionware problem is to encrypt all important data on all computers.

Data security can be met by a DLP (Data Loss Prevention) solution which will automatically lock or encrypt data if it is downloaded from an unauthorized computer. So that data thieves cannot open the downloaded data.

Of course, this Data Loss Prevention must be implemented routinely because the most important thing is implementation and security is not about the product but about the process of ensuring that objects or data that are guarded can be safe from the thief.