TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Cyberattacks crippling Indonesian SMEs: Study
Small businesses considered easy prey, can be used by hackers as launchpad for wider attacks
Change Size
C
yberattacks against big companies and government institutions in Indonesia have made headlines in recent months. However, criminals are also targeting small and medium enterprises (SMEs), often causing devastating losses of revenue or reputation.
A new study from technology company Cisco shows that one-third of Indonesian SMEs suffered from cyberattacks in the last 12 months. Among those experiencing cyberattacks, 43 percent said they lost at least US$500,000 in revenue and spending for recovery, while 12 percent said they lost more than $1 million.
Cisco Indonesia director Marina Kacaribu said the longer it took a business to detect and remediate a cyberattack, the more severe its impact on operational performance and revenue. More than 80 percent of SMEs in Indonesia said they needed more than one hour to detect and handle breaches.
“For some SMEs, more than an hour of downtime could mean permanent business closure,” she said during an online media briefing on Thursday.
Marina also said that cybercriminals typically aimed to access customer, employee or financial data from businesses using malware, phishing and denial of service (DoS) techniques. While malware and phishing were generally used to steal company data, DoS attacks were used to intentionally disrupt business services.
She went on to say that SMEs should make sure that their employees are working from secure internet connections and avoid clicking on suspicious links in emails, especially as companies were allowing people to work from anywhere.
“We live in a digitally connected world, and SMEs are no exception. The more they are connected to the internet, the higher the cybersecurity risks would be,” she said.
Read also: Cyberattacks loom as pandemic forces employees to work from home
Cisco surveyed business and IT leaders from more than 3,700 SMEs across 14 markets in the Asia Pacific region, including Indonesia, from April to July.
The study found that 68 percent of Indonesian SMEs felt exposed to cyberthreats. While the figure was lower than the 84 percent of SMEs in Asia Pacific, almost all of Indonesia’s SMEs lacked “the right technologies” to mitigate cyberattacks.
Cisco ASEAN cybersecurity director Juan Huat Koo said SMEs' growing concern over online attacks was because of increasing digitalization and the fact that SMEs were perceived as weaker targets in cybersecurity than larger organizations.
“Hackers are now focusing a lot on SMEs, because they can use SMEs as a launchpad to other critical environments,” he said, referring to banks and government bodies that have partnership with SMEs.
According to the Cooperatives and SME Ministry, 15.9 million SMEs have joined digital platforms as of September, up from only 10 million in 2020. Almost half of the country’s SMEs, or 30 million, are expected to go digital by 2024.
“Cyberattacks can cause SMEs revenue loss, an inability to sell products as well as a bad reputation,” Ikhsan Ingratubun, chairman of the Indonesian Micro, Small and Medium Enterprise Association (Akumindo), told The Jakarta Post on Friday.
Yet, he added, most SMEs considered IT infrastructure a secondary or even tertiary need, especially in the case of businesses not based on technology.
“It is important that SMEs can handle cyberthreats, but this means we need to invest more [in IT protection],” Ikhsan said. “But actually, SMEs would rather leave that up to the government. If they can protect us, that would be better.”
He went on to say that the government, especially the Information and Communications Ministry, should be able to anticipate cyberattacks before they happen as well as implement regulations to punish criminals.
However, the government has itself been on the receiving end of cyberattacks, with numerous websites and platforms reportedly hacked.
The same is true for big enterprises, such as e-commerce platforms Tokopedia and Bhinneka and fintech platform Cermati, all pointing to failure in the country’s efforts to protect personal data.
Read also: Low awareness underlies Indonesia’s cybersecurity woes
The National Cyber and Encryption Agency (BSSN) noted that Indonesia registered 888 million cyberattack attempts in the January-to-August period, an exponential increase from 189 million attempts over the equivalent period last year.
