Information technology security is a crucial factor for a company to run its business safely and sustainably. Unfortunately, many companies in Indonesia have not yet realized this. Therefore, couple days ago ArsiaNews interviewed Muhammad Yahya, founder and President Director of Prima Garda Teknologi (Primatek), a company that has long been focused on IT security in Indonesia.
Prima Garda Teknologi has high profile clients, including several institutions that handle state-related secretive information. To ArsiaNews, Yahya, who completed bachelor’s and master’s degrees in information technology faculty at International Islamic University Malaysia (IIUM) and has been in the Information Technology security field for more than a decade, tells about his company, security issues in Indonesia, and tips on maintaining information security.
Q: Since when are you engaged in IT security?
A: I and my friends from university have started to be interested in information security since 2008. But we just started to set up a company in 2012. At that time not many in Indonesia focused on this field. There are several, but most of these security companies are foreign companies. And I also happened to have worked at a foreign security company. And I see that there needs to be a local company engaged in the cyber security sector.
Can you tell us the story until your team finally set up a company?
Initially, in 2008, I went to a government body that needed a solution from us. The agency requires a security solution from local companies. When I gave the company profile, it turns out they just found out I’m from a foreign security company. Finally, they told us that they need a local company because it involved national secrets.
From there, then I talked to my friends to start a new company. We started a small company, the turnover was also small. Until one day we finally met some principals, they supported the tools, so that’s where we finally made a company in 2012, which not only offered tools and products but also offered security solutions.
The important thing is, security is not merely a product. When talking about security products, there are a lot of those on the market. But we don’t just sell products, but offer solutions. We are combining available products to overcome the problems faced by the company.
We integrate these products to produce the output and good added value that the company needs. That’s where the art is. If we cannot provide a solution like that, it means that we only become product sellers like others. And that we avoid.
To what extent are the awareness of the people and companies in Indonesia about the importance of maintaining the security of their data?
I think, public awareness here about the security of their data still has to be greatly improved. Maybe because of habit problems. But now it’s better than 2008-2009.
In the early days of the internet, people prefer to use anonymous accounts. But now we see the trend changes. Moreover, the millennials are so easy to open personal info online. What do you think?
Well, that’s what I mean by the lack of awareness taking care the personal info. If you are not careful, this info can be misused to exploit you. For example, there are many cases of people you don’t know and then call, then try to dig up additional information to take advantage, hack your personal accounts, such as credit cards.
Not necessarily our personal data they get from the bank. Their initial information can be obtained through social networks. So, you should not write down all personal information on social media which can be accessed openly. Many people made a mistake because at first, they opened sensitive information on social networks.
What is the rate of loss caused by online fraud in Indonesia?
Very high. In our country, it is still relatively high. Given the size of our population of around 250 million, socializing security practices in online activities is indeed not an easy job. When telecommunication operators begin to provide internet packages (data plan) at low prices, they are not accompanied by adequate education for good and healthy use of the internet.
Well, this is a problem. Security issues are not just government matter. Telco operators also have an obligation to educate online security issues to their customers. So don’t just sell as much data plan as possible. There must be a role for telecommunication providers to increase public awareness of internet security issues.
CIMB Niaga Bank can be a good example of educating their customers about security. Their call center always tells its customers to never give up a username or other personal data if someone asks, even if the one who asks is the bank staff themselves.
From the very beginning it continued to be socialized, then it would be very difficult for cybercriminals to try to commit fraud to CIMB Niaga bank customers.
Indonesia is a country with the largest social media users in the world. What are the restrictions that must be kept in mind when using social networks to stay safe, regarding even the large social media cannot avoid user data leakage?
For companies, of course, why not include data for marketing or customer service needs, such as contact data, telephone numbers. But for personal users, you should not need to include personal data on social networks, unless you are always vigilant. Because it is feared you will be targeted by fraud.
Actually, social media is like a container. It’s us as a user need to manage the information carefully. As an analogy, the knife factory will sell knives. The user himself determines whether he uses a knife to cut a cow, cut a goat, cut vegetables, or cut a human’s neck.
Now those social media users become overexposed because they were posting a status every time. I am here, I was there, and so on. So they post a status that can be used to deceive themselves.
Does Indonesia lack of human resources with expertise in the security sector?
Security is a field where development is extremely fast. We have to follow the dynamics so we don’t miss it. It is like building a house. After building the foundation, we must build walls and windows so that you are not windy. After that, you must build a roof so you will not become wet when it rains.
After building the roof, there might be a hole and it must be patched again, and so on. That is the security, every time a new way is found to exploit, we must immediately anticipate it.
So we also provide training in the field of IT security which works with various parties, including EC Council, an international company that provides training in the field of security.
The training package is complete, ranging from infrastructure security, applications, as well as physical security. Even company security guards also get training to treat guests properly. Like why guests have to exchange their ID, check whether guests bring USB Flash or not, and others.
How do you see the security aspects that surround future technological developments, such as social media, the internet of Thing, artificial intelligence?
I am sure that the future development of technology will be far more rapid and make it easier for humans. We must be able to take advantage of technological inventions for positive things. Because the advance of technology could make people lazy. Now through an application, users can ask anything and the cellphone can answer right away.
It might be our hands or other body parts less moving and not functioning proportionally. Even though the Messenger of Allāh said ‘‘fil harakatil barakah’’. Meaning The more we move, the more blessings we will get. Well, if the technology actually makes the user does not move, it can be a danger for their health. And we can be dependent on this technology.
What message do you want to convey about security and regarding the anticipation of future technological developments?
We are given instinct by God to do good and reject evil. Whereas we are facilitated by the internet. The internet can be used for good or to commit crimes. Everything depends on us. If we want to live well, of course, we will avoid bad things. But security anticipation must always be there.
Technology, the Internet, cell phones are great inventions, a gift to mankind. Use it all for good things for human benefit, so that humans can live in a healthy and peaceful way. Never misuse it, because later the consequences will definitely be bad. Just do use that technology to be something that provides good output.