“Cybersecurity awareness is still lacking in Indonesia. All digital systems have the potential to be hacked no matter how well the technology is implemented.”
Heaptalk, Jakarta — The digital economy has developed rapidly as a contributor to a country’s economic growth. Chairman of the Communication and Information System Research Center (CISSReC) Dr. Pratama Dahlian Persadha, said that the potential for the digital economy in Southeast Asia is utterly high, reaching Rp300 trillion or worth US$19.5 billion (US$1 equals Rp15,386).
However, this high potential also encounters multiple serious threats, specifically concerning cybersecurity. Countless parties have not prioritized security in building digital systems, even, ignoring its critical role in digital activities.
According to Pratama, business people in the digital economy sector in Southeast Asia, including Indonesia, rely on excellent technology to build digital systems. No matter how advanced technology is implemented, all digital systems have the potential to be hacked by irresponsible parties, mainly if the security is not built and maintained properly.
However, Pratama perceived that the awareness of the importance of cybersecurity in Indonesia remains diminutive and this problem becomes the main reason why data breaches, hacking, and other cyber attacks recur oftentimes.
Invading a country through cyber warfare will be easier than using bombs and nuclear
“Many people think that a system with excellent technology is adequate, then it can do fast calculations, it looks great, but they forget that there are security issues that must be considered. All the digital system solutions we create will be in vain if the security is bad and, in the end, the system is damaged by someone. The system could be tampered with, the data modified, or the money stolen. Hence, this is a big issue,” said Pratama.
Moreover, Pratama sees that digital economy actors in Indonesia, including high-level stakeholders, lack security awareness. This issue makes them underestimate the threat of cyberattacks. To increase this awareness, Pratama gave the example of how great the impact of disregarding cybersecurity is on a country.
“Estonia had fallen. This tragedy happened as the country digitized all of its systems but did not implement maximum security. This gap caused the country to be attacked by Russian hackers in 2007. All government systems and services stopped. The entire banking system was broken. All critical infrastructure systems were destroyed. This country was suffering. People had money in the bank but could not withdraw it. Can you imagine, now that everyone has been asked for a digital lifestyle, digital society, and cashless society, what will happen? We really depend on technology,” uttered Pratama.
The application of cybersecurity regulations must be tightened
Apart from security awareness, the implementation of cyber security regulations is still very low. Pratama voiced, “Regulations do exist. Indonesia, Malaysia, and Singapore, all have regulations, but are the regulations implemented correctly and properly? For example, in Indonesia, in October 2022, we issued a Personal Data Protection Law. Until now, many problems have occurred related to personal data. Is there a penalty? The answer is no.”
Lately, many people have complained that their savings balance at the bank has been drained after receiving the android package kit (APK) file. Pratama suspected that there is a leak of personal data, making the criminals utilize user numbers as cybercrime targets. However, he questioned whether the perpetrators had been charged according to applicable regulations, namely imprisonment for a maximum of 6 years and/or a fine of up to Rp 6 billion under the Personal Data Protection Law.
“Not long ago, the Directorate General of Taxes’ user data was leaked. Previously, the General Elections Commission (KPU) voter data was leaked, likewise, Telkom and the State Electricity Company (PLN) were also leaked. Was the perpetrator punished? No,” said Pratama. Certainly, this condition creates irony as Indonesia is intensively digitalizing all lines of the economy, but the country still looks down on cyber security. Digitalization itself has created a risk of cyberattacks.
Meanwhile, this cyber threat is also getting worse along with technological developments, especially with the emergence of hackers who use the advanced persistent threat (APT) method. The method allows hacking of the system beyond the ability of its owner to counter and deal with it.
Pratama said, “How can we be able to digitalize Southeast Asia, including Indonesia if we are not well prepared when an attack suddenly occurs? Digitalizing means we switch to a digital system. When switching to a digital system, connected to the internet, that is where the threat appears.”
Key points to build robust security to tackle cyber attacks
There are several strategies recommended by Pratama to build digital system security which are divided by time frame, namely short, medium, and long.
The short-term strategy can be carried out through several steps, including creating competent human resources in the field of cyber security, choosing the right technology – not necessarily expensive technology, as well as making policies and regulations.
Meanwhile, the medium-term strategy can be pursued by enforcing the laws that have been made and promoting education about cyber threats. Further, a long-term strategy can be carried out by collaborating on cybersecurity education between the Ministry of Education, the Ministry of Communication and Informatics, academics, and other stakeholders. This education can be applied based on age level, for example for early childhood, elementary school, middle school, and college.
“If our society is well educated and has good digital literacy, surely they will put their concerns to the issue every time cyber is being discussed. When later they become leaders, hopefully they will be aware that danger is shadowing, unlike now, it is very difficult to convey this issue to the officials. But, we must prepare a means of defense to not become the target of hackers,” concluded Pratama.
