A recent cybersecurity panel, hosted by BritCham Indonesia and moderated by CastleAsia’s Ian Betts on the 15^th January 2024, delved into the intricate interplay of “people, process, and technology.” Boasting three cybersecurity experts – Lewis Golightly, a blockchain and cryptography lecturer from Teesside University, Goutama Bachtiar, the IT Advisory Director of Grant Thornton Indonesia, and Ardi Sutedja, the Chair of the Indonesia Cyber Security Forum – the discussion focussed on Indonesia’s cybersecurity landscape and providing pathways to increase businesses’ resilience in the face of cyber-attacks. 

PEOPLE, PROCESS, TECHNOLOGY

With ransomware, malware, and data breaches posing the greatest cyberthreats to Indonesian businesses, much of the unpredictability and difficulties in increasing cybersecurity levels is due to the variation in human responses to cyber threats. Influenced by emotion, varying thought processes and sometimes a lack of vigilance, human awareness and preparedness are important components in the cyber approach of any business. Indeed, when faced with phishing attacks and other such threats, each person will often respond differently, with individual factors determining the quality of their response. It is essential to ensure that threats are subjected to continued vigilance by an educated populace, and that potential threats be subject to constant monitoring. Only this will provide businesses with the optimum basis on which to begin formulating a cyber security strategy. 

The panel also identified the need for established processes as part of a business’ strategy, advocating for the implementation of a risk identification and registration system, to be followed by analysis and strategic responses to prevent mistakes and provide clarity during or in anticipation of a cyberattack. Through this, and via the utilisation of a risk register, businesses can effectively keep track of threats and ensure that proper processes are in place to resolve issues in their cyber defense systems. 

Furthermore, panellist Ardi Sutedja subsequently asserted that it is imperative that companies go beyond standard surface level analysis in the planning and execution of a cybersecurity approach following the panel. Instead, they must thoroughly investigate their due diligence processes concerning cyber resilience, data protection practices, and their technological procurement supply chains to maintain the most effective level of security.

Finally, the panel dealt with issues of technology. Artificial intelligence (AI), being a relatively new technology, has brought changes to cybersecurity, but AI can be used as a tool to both aid and impede cyber defense, with the panel delving into issues of AI compliance, as well as its potential. 

IMPLICATIONS

Given that the first 10 months of last year saw Indonesia face over 361 million cyber-attacks, comprehensive cybersecurity measures for businesses operating in Indonesia have never been more necessary.¹ Jakarta has a vibrant business culture. Its business environment ranges from SMEs to multinational corporations, creating a disparity in cyber solutions. Although one third of Indonesian SMEs suffered a cyberattack in 2021 alone, SMEs often lack the resources of larger companies.² Despite this range in size, capital and potential, a holistic strategy that integrates people, processes and technology can provide a clear roadmap for any business attempting to bolster their cyber security resilience in the face of evolving threats. However, such a system requires an innate balance between accessibility and security, to avoid decreasing usability whilst remaining secure, to ensure that people and processes remain compatible, and the system isn’t discarded for its inconvenience

^[1] Belinda, Yohana, (2024), “Hacker For Hire: Cyber Counterattacks a Growing Business in Indonesia”, The Jakarta Post, January 13. Retrieved: https://www.thejakartapost.com/business/2024/01/13/hacker-for-hire-cyber-counterattacks-a-growing-business-in-indonesia.html

^[2]. Eloksari, Eisya A., (2021), “Cyberattacks Cost Indonesian SMEs Dearly in Terms of Revenue, Reputation”, The Jakarta Post, October 24. Retrieved: https://www.thejakartapost.com/news/2021/10/23/cyberattacks-cost-indonesian-smes-dearly-in-terms-of-revenue-reputation.html