TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
How to protect 2024 elections from cyberattacks
Extra protection must be added to the numerous devices and operating systems, such as the tools storing voters’ data.
Change Size
Leader in waiting: A local resident walks past a mural on the 2024 presidential election in Kedung Halang, Bogor, West Java, on June 13, 2022. Indonesia will hold its simultaneous legislative and presidential elections on Feb. 14, 2024. (Antara/Arif Firmansyah)
Data protection is one of the most frequently discussed topics lately, particularly with the recent string of data breaches in Indonesia involving private and state-owned companies from various industries.
The National Cyber and Encryption Agency (BSSN) has recorded over 714 million cases of cyberattacks in the country in 2022. Quite recently, about 105 million Indonesians’ personal data were allegedly leaked from the Political Party Information System (SIPOL), ahead of the 2024 simultaneous presidential and legislative elections.
While not proven, the allegation and a string of other data breach issues have underlined the urgency to mitigate cyber risks as soon as possible before the election period starts.
In the previous election periods, hoaxes were the main concern, varying from fake news to the dissemination of unethical personal information, which could potentially defame the election candidates’ reputations.
However, during the post-election period, there was also a concern about cyberattacks such as data hacking and manipulation of voting mechanisms involving electronic data processing, such as quick counts. Moreover, another cyber concern was incursions that were aimed at discrediting the polling process.
The upcoming elections also present a unique opportunity for cybercriminals to tailor their attack methods, based on political campaigns, platforms, and candidates' (as well as voters') behaviors. There are mainly two types of attacks that may affect the period. First, traditional cybercrime: Attacks to secure financial gain and are carried out by leveraging stolen data. Second, cyber hacktivism: Attacks focusing largely on persuasion or dissuasion to shift, stop or silence a political group or message.
In ensuring a cyber-safe elections period, there are a couple of solutions and recommendations that the government can implement to reduce cybersecurity risks for election systems. These include:
First, improve response times with analytics and automation.
New forms of threats keep evolving in a matter of minutes. The system needs to have the agility and ability to keep up with the latest malware and exploits, detect, and automatically prevent them across the network, clouds, and endpoints, within as few as five minutes.
Second, enforce Zero Trust Network Access (ZTNA) 2.0 for networks housing critical infrastructure.
Zero Trust is a framework whereby, by default, all users are denied network access. This means securing every part of the access route with powerful next-generation tools that detect and thwart attacks.
Implementing ZTNA 2.0 allows election officials to limit the attack surface by isolating internal network segments that house election data, having continuous trust verification and security inspection, as well as controlling only legitimate employees, applications, and traffic that can access the segment.
Third, protect critical endpoints.
During the election period, extra protection must be added to the numerous devices and operating systems, such as the tools storing voters’ data, as these are considered critical endpoints. A multi-method approach to block exploits, ransomware, malware, and other types of attacks also need to be implemented.
In addition, prospective voters also need to protect themselves against cyberattacks. Some steps that individuals can implement include:
* Think before clicking. Never click embedded links within an email, especially if the sender’s authenticity is questionable.
* Watch out for scare tactics. Phishers often employ scare tactics, threatening to disable an account or delay services until new or updated information is provided.
* Ignore unprofessional emails. Fraudulent emails are typically personalized and addressed directly to the individual; while real, authentic emails from political groups, financial organizations, or other similar businesses, will typically reference the specific details of a given transaction or account.
* Go directly to the source. Always be wary of emails or SMS requesting confidential information, particularly requests leveraging an embedded form or a link to an unknown site.
* Beef up security. Block these attempts from ever entering the network in the first place with an automated, prevention-first, platform approach to cybersecurity.
As we approach the presidential and legislative elections on Feb. 14, 2024, the urgency of cybersecurity is real and is not going away any time soon. Political parties, candidates, the government, and even prospective voters need to realize that cyber criminals are looking to gain from all of them, and that all of them are susceptible to cyberattacks.
While there is still time before the elections actually start, both individuals and organizations need to start focusing on the security of their data. Robust cybersecurity measures need to be put in place and cyber-safe practices need to be implemented as we gear up for the historical period in the country.
***
The writer is regional vice president, Palo Alto Networks ASEAN.
