Development of the TEBAS Protocol (Teliti, Evaluasi, Blokir, Amankan, Sampaikan) as a Community-Based Framework for Mitigating Social Engineering Attacks
Keywords:
Cybersecurity, Digital Literacy, Social Engineering, TEBAS Protocol, Information Security, Human-Centric Security, Phishing Mitigation
Abstract
In the contemporary cybersecurity landscape, the shift in attack paradigm from exploiting technical vulnerabilities to manipulating human psychology (social engineering) has reached a critical level. The 2024 and 2025 annual reports from various global and national security authorities indicate that traditional defense mechanisms centered on the technical perimeter are no longer sufficient to stem the tide of attacks targeting the user's cognitive layer. This paper proposes the development and formalization of a new mitigation protocol, TEBAS (Teliti, Evaluasi, Blokir, Amankan, Sampaikan: Research, Evaluate, Block, Secure, Convey). The protocol was designed using the Design Science Research (DSR) methodology to address the specific needs of Indonesia's digital ecosystem, which is characterized by a highly communal culture but faces a significant digital literacy gap. TEBAS integrates human-centric cybersecurity principles with global standard frameworks such as the NIST Cybersecurity Framework 2.0, adapted into operational procedures that individuals and communities can implement. Through an in-depth analysis of current attack vectors such as Quishing (QR Code Phishing) and Deepfake Vishing, and validation using a modified Delphi method, this study demonstrates that TEBAS offers a holistic approach that focuses not only on individual detection but also on collective resilience through a community-based intelligence-sharing mechanism ("Convey").
License

This article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
COPYRIGHT
Copyright in any article in Jurnal Nasional Teknologi Komputer (JNASTEK) is held in full by its author under the Creative Commons Attribution-ShareAlike 4.0 International License.
1. The author acknowledges that Jurnal Nasional Teknologi Komputer (JNASTEK) holds the right of first publication under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA).
2. The author may enter into separate arrangements for the non-exclusive distribution of a manuscript published in this journal in other versions (e.g., depositing it in the author's institutional repository, publishing it in a book, etc.), acknowledging that the manuscript was first published in Jurnal Nasional Teknologi Komputer (JNASTEK).
LICENSE
Jurnal Nasional Teknologi Komputer (JNASTEK) is published under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License. This license permits anyone to copy and redistribute the material in any medium or format, and to remix, transform, and build upon the material for any purpose, including commercial purposes, as long as they give credit to the Author for the original work.














