C

ompanies and organizations must be able to first identify all cyberattack patterns in an attempt to develop a reliable protection system for their internet-based operations, an executive from a leading cybersecurity systems company suggested.

Speaking to reporters in Jakarta on Monday, Palo Alto Networks’ senior manager for the marketing of Supervisory Control and Data Acquisition (SCADA) system and Industrial Control System (ICS) products, Delfin Rodillas, said that “security alone is not enough” as something grander is needed to protect users from harmful emails and URLs.

Most data security servers in Indonesia, however, are not yet able to identify threats at the level they should, Rodillas said.

“If we are able to identify the core of these methods, then we are able to prevent attacks and block harmful users straight from the core before they even achieve the impact that they want,” said the executive of the California-based company.

ICS are command and control networks and systems designed to support industrial processes. The largest subgroup of ICS are SCADA systems, which allow users to monitor and control a plant or equipment in industries such as telecommunications, water and waste control, energy, oil and gas refining and transportation.

Rodillas said that most of the attacks or scams that came through the internet revolve around only 25 signature techniques that hackers and attackers re-use constantly.

“One attack can, for example, have the signature of 10,000 users but in reality, they’re carried out through one method or several strung together and it’s always the same,” he said.

The company explained further that security systems in Indonesia should focus on trying to prevent threats from springing up instead of just detecting them when they attack because after preventing an attack it is possible for the user to develop plans to restore their systems back to normal.

So far, several players in Indonesia’s banking and government sectors have expressed interest in Palo Alto Networks’ data security systems after the company expanded into Indonesia in 2014.

Rodillas also noted that to strengthen data security systems in Indonesia, the issue must be made a national one that would be able to catch the eye of both industry and government players and also foster collaboration between tech experts and regulators.

“You can’t just put up a firewall anymore. Hackers are getting better at bypassing that. What is needed are protection systems that can stop attacks even at that advanced level,” he said.

Indonesia does not necessarily need to develop its own cybersecurity framework as it is able to leverage global standards such as the National Institute of Standards and Technology (NIST) framework for use in its own systems.

Indonesia has one of the highest malware infection rates in Asia, with such an attack 50 percent more likely to occur here than to its neighbors. Cybersecurity breaches have cost the country up to Rp 33.29 billion (US$2.4 million).

Also, digital experts have been continuously encouraging businesses and institutions to adopt a culture of awareness and vigilance when it comes to digital security as more businesses are going digital.

“The response would be too slow if we just relegate the security businesses to the authorities. Everybody, from bosses to employees, are responsible for keeping their data safe,” Indonesia Cyber Security Forum (ICSF) chairman Ardi Sutedja said earlier this month.