ANALISIS KEAMANAN SIBER PADA SISTEM ELEKTRONIK BERBASIS PERSPEKTIF JARINGAN KOMPUTER DAN KETENTUAN BSSN: STUDI PADA IMBAUAN PHISHING DAN PENCURIAN KREDENSIAL
Studi pada Imbauan Phishing dan Pencurian Kredensial
DOI:
https://doi.org/10.47111/jti.v20i1.23404Keywords:
phishing, credential theft, computer networks, BSSNAbstract
Phishing attacks and credential theft are a growing cyber threat in Indonesia, particularly in the context of the use of electronic systems for public services. The National Cyber and Crypto Agency (BSSN) regularly issues security advisories to warn the public about attack patterns, potential losses, and mitigation measures. This study aims to analyze security messages related to phishing and credentials from a computer network security perspective and their alignment with the BSSN security policy framework. The research method used is a content analysis of relevant BSSN security advisories, complemented by a literature review on network security, social engineering, and information security governance standards. The results show that phishing attacks exploit weaknesses in the network layer, authentication, and user awareness. Attacks are primarily carried out through social engineering, perpetuation to fake websites, man-in-the-middle attacks, and credential harvesting. This study's recommendations include implementing layered security, increasing user awareness, strengthening authentication, and implementing information security governance in accordance with BSSN regulations. This research is expected to contribute to an improved understanding of phishing threats in the context of national cybersecurity.
Downloads
References
[1] R. Yudhiyati, A. Putritama, and D. Rahmawati, “What small businesses in developing country [1] Y. S. Nugroho et al., “Think of cybersecurity risks in the digital age: Indonesian case,” J. Information, Communication & Ethics in Society, vol. 19, no. 4, pp. 446–462, 2021, doi: 10.1108/JICES-03-2021-0035.
[2] J. Aljabri et al., “Hybrid stacked autoencoder with dwarf mongoose optimization for phishing attack detection in internet of things environment,” Alexandria Engineering Journal, vol. 106, pp. 164–171, 2024, doi: 10.1016/j.aej.2024.06.070.
[3] P. López-Aguilar, “Phishing vulnerability and personality traits: Insights from a systematic review,” Computers in Human Behavior Reports, vol. 20, p. 100784, 2025, doi: 10.1016/j.chbr.2025.100784.
[4] C. K. Kotabaru, “Waspada smishing baru: Modus penipuan tol elektronik,” 2025.
[5] J. Selatan, “Lanskap keamanan siber Indonesia 2024,” no. 70, 2024.
[6] L. Tang and Q. H. Mahmoud, “A survey of machine learning-based solutions for phishing website detection,” pp. 672–694, 2021.
[7] B. Naqvi et al., “Mitigation strategies against phishing attacks: A systematic literature review,” Computers & Security, vol. 132, p. 103387, 2023, doi: 10.1016/j.cose.2023.103387.
[8] Badan Siber dan Sandi Negara, “Peraturan BSSN tentang pengamanan sistem elektronik,” 2021.
[9] Badan Siber dan Sandi Negara, “Strategi Keamanan Siber Nasional,” Jakarta: BSSN, 2020.
[10] Badan Siber dan Sandi Negara, “Indeks Keamanan Informasi (Indeks KAMI),” Jakarta: BSSN, 2022.
[11] National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity,” NIST CSF, 2018.
[12] National Institute of Standards and Technology, “Digital Identity Guidelines,” NIST SP 800-63, 2017.
[13] International Organization for Standardization, “ISO/IEC 27001: Information Security Management Systems,” Geneva: ISO, 2022.
[14] A. Herzberg and A. Gbara, “Security and identification indicators for browsers against spoofing and phishing attacks,” ACM Transactions on Internet Technology, vol. 8, no. 4, 2008.
[15] M. Jakobsson and S. Myers, Phishing and Countermeasures: Understanding the Increasing Problem of Electronic Identity Theft, Hoboken, NJ: Wiley, 2007.think of cybersecurity risks in the digital age: Indonesian case,” J. Information, Commun. Ethics Soc., vol. 19, no. 4, pp. 446–462, 2021, doi: 10.1108/JICES-03-2021-0035.
