The Influence of Awareness, Behavior and Willingness of State Civil Apparatus on Cyber Vulnerability
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
LINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
The Influence of Awareness, Behavior and Willingness
of State Civil Apparatus on Cyber Vulnerability
Herlina Juni Risma Saragih
Universitas Pertahanan RI, Indonesia
Corresponding email: herlina.saragih@idu.ac.id
Vita Mayestinasari
Sekolah Tinggi Ilmu Kepolisian, Indonesia
Issue Details Abstract
Issue Title: Issue 1
Received: 15 January, 2021 This study aims to determine the extent to which state civil servants (ASN) in the
Accepted: 08 February, 2021 three regions understand cyber vulnerability. Three measuring tools are used to
Published: 31 March, 2021 determine the level of vulnerability in each local government, the three are awareness,
Pages: 1531 - 1538 behavior and willingness. From the three instruments, it was found that the level of
awareness of ASN was generally good value above 2.5 as a reference value from Likert
Copyright © 2020 by author(s) and
scale of 4.0, which is the maximum score, with the following results: In terms of
Linguistica Antverpiensia
awareness, Central Java outperformed the other two provinces with 3.33, and followed
by South Sumatra and West Java respectively 3.29 and 3.24. In terms of behavior, South
Sumatra outperformed the other two provinces with 3.33, and followed by West Java
and Central Java respectively 3.06 and 3.03. Lastly, in terms of willingness, South
Sumatra outperformed the other two provinces with 3.16, and followed by West Java
and Central Java respectively 3.15 and 3.11. This difference is not significant, so it can
be concluded that the three regional governments have the same willingness.
INTRODUCTION
Information and communication technology (ICT) has a very important role
in various aspects of human life, from social, economic, legal, governance,
security, defense, and other aspects. In the last two decades, the
development of information technology has brought the world to a digital
era that relies on the use of cyber space that connects various computer
networks around the world using the internet. The emergence of cyberspace
has eliminated various boundaries in human life. Through the use of the
internet, information can be processed and disseminated in real-time so that
it greatly helps increase productivity, efficiency and effectiveness in
various human activities. This activity affects the pattern of human life
which in turn has an impact on people's culture.
The use of cyber space cannot be separated from the various potential risks
and cyber threats that can have negative implications for its users. Cyber
threats have developed rapidly over time. The Morris Worm was one of the
first cyber threats of the late 1980s to accidentally deviate from its original
purpose. At first the worm was created to identify the wide range of the
internet network, but in the end, it had a negative impact, namely
overloading every network in its path. This incident was the first
Distributed Denial of Service (DDoS) in the world. Since then, the cyber
1531 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
threat has grown very rapidly in line with the increasing need for the use of
cyberspace and the emergence of various bad intentions from irresponsible
parties to exploit cyberspace for personal or group interests.
In 2018, BSSN together with the Indonesia Honeynet Project stated that
there had been 12.895 million cyber attacks. This number was only visible
on the surface, with the potential for another attack possibly being greater
than that number. Detailing the source of the cyber threat, the second
ranking of cyber attacks, which is 45%, occurred due to a lack of basic
cyber hygiene, namely weak passwords, careless conversation, and other
causes. In addition, another source of attack that was ranked third was the
infection of a USB stick from one computer to another (Suryasa et al.,
2019). These two factors indicate that a cybersecurity culture has yet to
emerge from internet users. They feel they are not the target of cyberattacks,
so they ignore the early warning from the system when an attack is detected.
Cyber attacks are a challenge for policy makers in the industrial era 4.0. In
May 2017, a WannaCry Ransomware cyber attack caused disruption to
companies and hospitals in more than 150 countries including Indonesia.
The attack is a call for broader cooperation in cyber security with countries
around the world. WannaCry or Wanna Decryptor is a specific ransomware
program that locks all data on the computer system and leaves the victim
with only two files: instructions on what to do next and the Wanna
Decryptor program itself. When the program is opened, the computer will
notify the victim that their files have been encrypted, and give them a
deadline to pay, warning that their files will be deleted. The attacker
demanded payment in Bitcoin, provided instructions on how to buy it, and
provided a Bitcoin address to send.
In addition, several cyber attack cases that have occurred in Indonesia are:
BCA case in 2001, where the site www.klikbca.com was damaged by a
hacker by creating several pun sites, so that if the customer typed the name
of the site, he would enter the fake site; The Petrus Pangkur case in 2003,
Patrus broke into US credit cards and made purchases of goods via the
internet; The case of Deni Firmansyah who managed to hack into the KPU's
IT network by penetrating IP tnp.kpu.go.id in 2004; The case of burglary
to the official website of the President of the Republic of Indonesia
(www.presidensby.info) in 2007, as a result, the main page of the site
displayed a letter of demands addressed to the President SBY; the
breakdown of user and partner data from uber in November 2016.
A national strategy in building national cybersecurity has been formulated
by the Indonesian government which includes legal measures, technical
measures covering standards and operations, organizational and
institutional arrangements for cybersecurity within the scope of national
interests, enhancing the capacity of human resources (HR) in cybersecurity
and enhancing cooperation. international. Among the factors that create
vulnerability to cyber attacks is the human factor, because this factor
becomes the entry point for cyber attacks. The concept of Cybersecurity
Awareness demonstrates the failure of the computer industry to design
cybersecurity training. Therefore, to evaluate awareness, behavior and
1532 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
willingness to use the internet, especially for government ministries /
agencies, it is necessary to carry out information on the extent of its
implementation in the field.
Malaysia's journey to a knowledge-based economy or K-economy in 2020
has been declared by the Prime Minister of Malaysia since February 1991.
This awareness has been built for a long time by the Malaysian government
by creating a large multimedia corridor and promoting the use of
information technology. and communication as the main means of building
his government. The increasing dependence on digital information systems
in almost all sectors has led to increased vulnerability and risks, especially
to critical government infrastructure or what is known as CNII (the Critical
National Information Infrastructure). To protect the country from cyber
attacks, the Malaysian government through the National Cyber Security
Policy (NCSP), an institution that implements cybersecurity in a
comprehensive and integrated manner, is tasked with ensuring CNII can be
properly protected.
The increasing internet speed and the number of WiFi facilities in Malaysia
are increasing the number of internet users who have the potential to be
exposed to various cyber threats and vulnerabilities. This is what drives the
need for public awareness and understanding of security issues, namely by
changing the way of thinking, point of view and behavior of internet users.
This awareness effort requires leadership and involves many parties,
especially related Ministries / Agencies. The Malaysian government itself
has a special strategy through a program called the National Strategy for
Cyber Security Acculturation and Capacity Building. The program, which
was implemented in 2010, targets people to follow best practices, habits
and behavior that are good and safe in using the internet. All of these tasks
were initiated by CyberSecurity Malaysia by involving K / L related to one
of them with a national awareness campaign called CyberSAFE or Cyber
Security Awareness for Everyone.
Referring to cyber vulnerabilities and the risks and impacts caused by their
attacks, a special study is needed to obtain information about the level of
awareness of the privacy, behavior and willingness of ASN internet users,
researchers implemented the Cyber Security Behavior Instrument (CSBI)
compiled by Muniandy et al. , (2017), each of which contains 10 statements
using a Likert scale. With this instrument, it is hoped that accurate
information will be obtained about cybersecurity behavior in the State Civil
Servants (ASN) environment which is the subject of research, and can be
the basis for making policies in the future. The research area, questionnaire
and group of questions can be explained as follows: awareness, behavior
and willingness.
METHODS
The data used in this evaluation will come from primary and secondary
data. Primary data in this evaluation were obtained through interviews and
FGDs with sources and field observations, while secondary data was
obtained through questionnaires and literature studies on related policies
and regulations as well as other relevant literature such as international
1533 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
cybersecurity standards, journal articles. academics, books, and so on. In
order to ensure data validity and reliability, this evaluation will conduct
triangulation of data sources, data collection methods, and theories.
The subjects of this evaluation consist of: Government and Local
Government Procurement Policy Agencies. In the implementation of the
evaluation, it is possible that the agency that is the object of evaluation is
an agency in the region, by taking into account the goals and objectives of
this evaluation activity.
The data analysis technique used in this evaluation is descriptive statistics
on questionnaires distributed in several agencies and local governments.
Descriptive statistics are carried out by presenting and describing the
processed questionnaire data to obtain an overview of the cybersecurity
conditions in K / L / D which are the object of evaluation. In the context of
this evaluation, the cybersecurity ecosystem is a problematic situation that
needs to be evaluated so that it can be improved in the future. The
questionnaire designed refers to Lalitha Muniandy et al (2017) as follows:
Awareness
How internet users can better express, protect, and control the
confidentiality of their personal information.
Behavior
How internet users behave in the electronic transactions they carry out.
Willingness
How internet users have the desire to do something important in electronic
transactions
Validity and reliability tests were carried out to determine the extent to
which the instruments were made, in terms of accuracy and reliability.
Factor analysis is also carried out to identify the extent to which the design
of the research instrument made can reveal the objectives of this research.
In this study the Kaiser-Meyen-Olkin measure was applied to obtain the
factor analysis information. Validity and reliability testing with the SPSS
program uses Product-Moment correlation. Validity and reliability aim to
determine the extent to which the questionnaire made is appropriate and
reliable for a study. The validity test is done by comparing the calculated r
number with the r table. If r count is greater than r table, the item is declared
valid. To get the calculated r value, the SPSS program is used, while the r
table is obtained by looking at the r table with the minimum r requirement
is 0.3 (Sugiyono, 2011).
Meanwhile, the reliability test is carried out by comparing the Cronbach
Alpha number with the provision that the minimum Cronbach Alpha value
is 0.6. That is, if the Cronbach Alpha value obtained from the results of the
SPSS calculation is greater than 0.6, it can be concluded that the
questionnaire created is reliable (reliable), and vice versa if the Cronbach
Alpha value is less than 0.6, it is concluded that it is not reliable. The use
of Cronbach Alpha is not the only guideline to declare the instruments used
1534 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
are reliable. To test unidimensional statements, additional analysis is
required, namely Explanatory Factor Analysis. In this analysis it is
calculated through the KMO Factor Analysis technique which will be
discussed in a separate section.
The research locus was carried out in three local governments, namely the
Municipal Government of Surakarta, the Provincial Government of South
Sumatra and the Provincial Government of West Java, with the
consideration that the three regional governments already have relatively
adequate infrastructure compared to others.
RESULT AND DISCUSSION
Reliability and Validity Test
Referring to Sugiyono (2011), the item acceptance criteria is by looking at
the minimum r value of 0.3, it can be said that almost all items used in the
questionnaire are said to be valid, there are only 2 items whose value is less
than 0.3, namely the statement item " privacy awareness ”no. 2 “Ignore
notification emails about something unusual / too good from well-known
organizations or institutions” and no. 6 "Knowing and being able to identify
/ recognize the latest online fraud mode". This statement may make the
respondent ambiguous, so that the answers given do not meet expectations.
However, it does not reduce the significance of the constructs that have
been built in this questionnaire. This can be an input for further research.
From the reliability test table above, the Cronbach's Alpha value for the
construct, respectively for privacy awareness, behavior and willingness are
0.759, 0.804 and 0.784, all of which valid and reliable.
Factor Analysis Test with the Kaiser-Meyen-Olkin KMO
Factor analysis is carried out to analyze the grouping of factor variables in
a study. This analysis aims to filter out which variable is the most superior
or the most dominant of the selected variables in a study. The results of the
factor analysis can also be used to distinguish the priority components or
variables based on the existing ranking order. This analysis was carried out
with the help of SPSS software. The assumptions used in this analysis are
as follows: (1) The data for each of the studied variables is normally
distributed, (2) the Kaiser-Meyen-Olkin Measure of Sampling Adequacy
(KMO MSA) value is greater than 0.50 and the Bartlett's Test value of
Sphericity (Sig.) is less than 0.05, and (3) There is a strong relationship or
correlation between variables which is indicated by the Anti-image
Correlation value between variables that is greater than 0.50.
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .763
Bartlett's Test of Sphericity Approx. Chi-Square 1682.224
df 435
Sig. .000
Figure 1. KMI and Bartlett’s Test
1535 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
In this study, the adequacy of sampling indicated by the KMO MSA value
obtained a value of 0.763, this value is greater than 0.50, which indicates
an appropriate level of adequacy. If the factor analysis value approaches the
value of 1 as shown in the KMO Results Table above, the results are getting
better (UCLA, 2015). The results of Bartlett's Test of Sphericity (Sig.)
Show a value of 0.000 less than 0.05. It can be concluded that the
questionnaire designed in this study has met the sufficiency requirements,
and the results are acceptable.
In this study, the adequacy of sampling indicated by the KMO MSA value
obtained a value of 0.763, this value is greater than 0.50, which indicates
an appropriate level of adequacy. If the factor analysis value approaches the
value of 1 as shown in the KMO Results Table above, the results are getting
better (UCLA, 2015). The results of Bartlett's Test of Sphericity (Sig.)
Show a value of 0.000 less than 0.05. It can be concluded that the
questionnaire designed in this study has met the sufficiency requirements,
and the results are acceptable.
Respondent’s statements are divided into 4 Likert scales with the following
categories:
Score of 1 for the statement "Strongly disagree", score 2 for the statement
"Disagree", score 3 for the statement "Agree" and a value of 4 for the
statement "Strongly agree". Based on these categories, the mean value that
is used as a barrier between the criteria for "Good" and "Not Good" is 2.5,
because this value is the median of the 4 Likert scales made. In this study
the criteria for good were divided into two, for statements containing the
opposite meaning, the result below 2.5 was “Good”. Meanwhile, for those
containing linear or unidirectional meaning, the result above 2.5 is "Good".
In each statement a note will be given whether the attitude of the ASN of
each province is good or not. The illustration of the mean dividing the two
categories can be described as follows:
Figure 2. The Boundary between Good and Not Good
Table 1. Summary of Awareness, Behavior and Willingness
Reg Gov Awe Beh Wil
Central Java 3.33 3.03 3.11
South 3.29 3.16 3.16
Sumatera
West Java 3.24 3.06 3.15
In terms of awareness, Central Java outperformed the other two provinces
with 3.33, and followed by South Sumatera and West Java respectively 3.29
and 3.24.
1536 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
In terms of behavior, South Sumatera outperformed the other two provinces
with 3.33, and followed by West Java and Central Java respectively 3.06
and 3.03.
Lastly, in terms of willingness, South Sumatera outperformed the other two
provinces with 3.16, and followed by West Java and Central Java
respectively 3.15 and 3.11. This difference is not significant, so it can be
concluded that the three regional governments have the same willingness.
CONCLUSIONS
In terms of privacy awareness, Central Java Province has the highest level
of awareness among the other two provinces. This could be due to the
higher education average of ASN Central Java Province compared to the
other two provinces which were the research objects. Education gives a
high role for one's awareness of cyber-attacks.
In terms of behavior, South Sumatra Province has the best behavior level
compared to the other two provinces. Specifically for West Java province,
ASN behavior is cautious. The surprising result was obtained from the
behavior of ASNs who often download free software from the internet. This
needs to be of particular concern to the Regional Government so that the
risk of cyber-attacks as a result of this action can be reduced, and familiarize
ASN to consult with the TIK Admin or the Ministry of Communication and
Information Office, if possible, before installing free software from the
internet.
In terms of willingness, all provinces have almost the same level of
willingness. This is quite good, but with data on the intensity of online
transactions of ASNs which is quite high, more intense self-awareness
training is needed to prevent the entry of cyber-attacks due to hacking of
ASN online application accounts.
The results of the bivariate correlation test show a strong relationship
between "Privacy Awareness" and "Behavior" towards "Willingness" with
a significance of 1%. The "Behavior" aspect has a higher correlation with
the "Willingness" to act safely than the "Privacy Awareness" aspect. This
can serve as a reference for local governments in making specific policies
on ASN behavior through the development of a safe cyber culture, because
it is more effective in preventing cyber-attacks. However, this does not
mean that it negates the awareness of ASN's privacy in using the internet.
REFERENCES
[1]. Bappenas RI. (2019). Kumpulan Policy Brief Evaluasi Tematik Tahun 2019.
[2]. Menteri Kominfo Pada “High Level Segment ITU Council 2008” Yang
Membahas Cyber security.
http://www.postel.go.id/info_view_c_26_p_814.htm
[3]. Ministry of Science. (2006). Technology and Innovation, Malaysia, “National
Cyber Security Policy: The Way” Federal Government Administrative Centre,
July 2006
[4]. Mohd Shamir Hashim, Malaysia’s National Cyber Security Policy the
Country’s Cyber Defence Initiatives, CyberSecurity Malaysia, 2011
1537 LINGUISTICA ANTVERPIENSIALINGUISTICA ANTVERPIENSIA, 2021 Issue-1
www.hivt.be
ISSN: 0304-2294
[5]. Muniandy, L., Muniandy, B., & Samsudin, Z. (2017). Cyber security
behaviour among higher education students in Malaysia. J. Inf. Assur. Cyber
Secur, 2017, 1-13.
[6]. Pratomo, Y. (2019). APJII: Jumlah Pengguna Internet di Indonesia Tembus
171 Juta Jiwa. kompas. com.
[7]. Schneier, R. (2013). Schneier on Security: Security Awareness
Training. Online],[Retrieved September 1, 2015], https://www. schneier.
com/blog/archives/2013/03/security_awaren_1. html.
[8]. Suryasa, W., Sudipa, I. N., Puspani, I. A. M., & Netra, I. (2019). Towards a
Change of Emotion in Translation of Kṛṣṇa Text. Journal of Advanced
Research in Dynamical and Control Systems, 11(2), 1221-1231.
1538 LINGUISTICA ANTVERPIENSIAYou can also read
