The digital age has been plagued by poor cybersecurity making organisations, individuals and communities vulnerable to security threats and breaches. Recently, one such attack engulfed Indonesia’s biggest Islamic Bank – Bank Syariah Indonesia (BSI). The bank suffered a ransomware attack that disrupted its services from May 8th to the 11th. State-Owned Enterprises Minister Erick Thohir confirmed that the bank’s system was compromised due to a hacker attack, and BSI’s management has been making efforts to transition to improve its information technology system in response.
What happened?
The state-owned Bank Syariah Indonesia fell victim to a cyber attack by a ransomware group anointed “LockBit3.0”. Based on consolidated sources, it was revealed that LockBit had leaked 8,133 files that belonged to BSI, including the personal information of 24,437 BSI employees and internal documents. It was also brought to the public eye that the ransom requested during the breach was $20 million, which was negotiated to $100,000 before it went up to US$10 million. The depth of the complaint by the bank’s customers involves blocked balances, unclear fund transfers, as well as the BSI mobile banking application that were down for a long time. The customer’s personal data information along with customer loan information at the bank has been confirmed to have been leaked.
What is the state of cybersecurity in Indonesia?
Based on the report from NCSI – National Cyber Security Index, the cybersecurity index of Indonesia as of March 2023 ranked 84th. The index uses 12 primary indicators including cybersecurity policy development, personal data protection, and the fight against cybercrimes. The report shows that Indonesia’s cybersecurity index is relatively low compared to other countries. Indonesia ranked the third lowest among the G20 member countries, only higher than Mexico and South Africa. The NCSI report is justifiable if we consider some particular facts in Indonesia.
44,776.891 traffic anomalies occurred in Indonesia throughout August 2022, according to the Public Monthly Report on Cybersecurity Monitoring Result of August 2022 issued by the National Cyber and Crypto Agency (NCCA). A traffic anomaly is a deviation from the normal anomaly that indicates cyber attacks. NCCA report also shows high email phishing case amounts in Indonesia during August 2022, in addition to the high traffic anomalies. Email phishing is an act to obtain personal information such as user ID, password, and other sensitive information by impersonating other people or authorized organizations. If pool polls the perpetrators successfully obtain it, they will use that information to conduct criminal acts. According to the report, 6,342 email phishing cases happened in August 2022.
Last but not least, the report also writes about website hacking cases in Indonesia. In August 2022 alone, there were 148 sites hacked by trespassers. The websites they hacked varied from government, law officers, to educational sites. There have been 62 cases of website hacking involving local government sites, followed by 54 cases involving educational sites, 19 cases involving law enforcement, and other cases. The high traffic anomalies, email phishing, and website hacking depict a clear picture that Indonesia’s cybersecurity system is still inadequate to deal with cyber attacks that harm people and national security.
Factors for the poor security
In the first place, existing regulations do not adequately regulate cyberspace activities. Currently, Indonesia has only two acts that regulate cyber activities, namely Law No. 11 of 2008 on Information and Electronic Transactions as amended by Law No. 19 of 2016 (EIT Law) and Law No. 27 of 2022 on Personal Data Protection (PDP Law). In spite of the fact that they already have some technical derivative regulations, the two acts are not adequate to regulate cyber activities in the country. Due to the rapid growth of the internet, cybercrime evolves with it, thus EIT Law and PDP Law cannot handle them alone. Cyber activities and cybercrimes in Indonesia need to be regulated by specific laws.
Secondly, Indonesia even today lacks a supporting information technology infrastructure. In order to reap the benefits of the 4.0 Industrial Revolution, society needs to be prepared to deal with the rapid growth of information technology. This requires an adequate information technology infrastructure. Instead of developing information technology infrastructure, the government is still focusing on physical infrastructure. In cities and rural areas, information technology infrastructure is unequally distributed.
Lastly, the digital literacy index of Indonesia is relatively low. Based on a report from the Directorate General for Telematics Application on Digital Literacy Index 2021 shows Indonesia’s digital literacy index scores of 3.49. However, if we observe closely, Digital Safety–one of its indicators–falls from 3.24 to 3.10.
Where is Indonesia headed?
While everything from finance to health records, from retail to real estate, education to logistics, is adopting digital. The end consumers are finding it difficult to keep faith in the overall system. There are hundreds and thousands of digital attacks of varied sizes, both accounted for and unaccounted for, on a daily basis. And Indonesia, being one of the fastest-growing economies reliant on digital means, faces a major share of these attacks. How do we overcome this?
What is needed is a new approach to tackling digital-first needs. Apt regulations against cyber attacks and attackers will to a great extent streamline the scenario. But there’s an urgent need to have a change of mindset—one that borders on urgency and solution-relevant efforts. The government’s recent initiative to build a new capital, moving from Jakarta to Nusantara may hold an answer. Joko Widodo, Indonesia’s President wants the new capital to be a high-tech city, as he stressed, “We want a new work ethic, new mindset, new green economy.” The new place will call for novel ideas, architecture, industries and ideologies. Tech adaptation will be a default setting to best connect Indonesia with the world. Technology usage will in turn call for promising solutions for the security of the data generated, stored and used across vertices.
As a firm routinely engaged with scaling companies and senior technologists, we understand the depths of these issues, how grave their impacts are, and the consequences of a simple miss. A deep understanding of the market is as important as a thorough knowledge of technology. Experts at Purple Quarter with years of industry know-how are adept in analyzing the needs and mapping the right tech leader fit for tech organizations —be it cybersecurity or technology as a whole.
It is crucial to have expert technologists and IT specialists who can dissect the most complex of problems to provide the best security solutions. With rising cybercrimes, their security is of utmost importance. The new capital, if well developed with the right provision for emerging technologies to thrive with added security, can become an investment magnet, positioning Indonesia as the Tech Capital of Southeast Asia in the making.
Authored by Richa
For more information, please reach out to the Marketing Team.