The Jakarta Post
The 32rd ASEAN Summit in Singapore last year raised a particular issue that touches our everyday lives, the cyberrealm and its security.
The new ASEAN Economic Blueprint for 2025 inevitably mentions the word “digital” several times regarding financial inclusion in the region, strengthening the role of small and medium enterprises and supporting integration of information and communications technology across the region. Digitalization has and will increasingly impact our daily lives and way of living.
We can already see efforts from the government, private sector and society to better understand and utilize the digital platform. Indonesia’s government is designing a One Data policy to encourage policy-making initiatives based on transparent and accountable public data; the private sector, such as the big four start-ups, have provided new job opportunities and have transformed the way we live; many ordinary citizens have used new opportunities and have even become online celebrities.
The opportunities presented by digitalization are endless.
Nonetheless, cyberrisks are also many. Indonesia saw those risks and established the Cyber Body and National Encryption Agency (BSSN) in 2017. The private sector has also raised awareness of the importance of cybersecurity; an effort last December was through the Cyber Security Indonesia (CSI) event held simultaneously with the Indonesia Fintech Show.
Cybersecurity is clearly the responsibility of both the public and private sector, especially in Indonesia and ASEAN where businesses have heavily invested in ICT infrastructure to turn this region into a digitally connected community.
In our country alone, according to Dimension Data Indonesia, the annual increase of bank customers led to a 16 percent increase of cyberattacks in the financial sector in 2017.
This would lead to future scenarios in which companies continue to experience huge losses. In 2014, two Sri Lankans colluded with an Indonesian to install secret cameras and skimmers (electronic devices that can read and acquire data from cards) in ATMs around Jakarta and Bogor to illegally acquire Rp 3.9 billion (US$277.2 million) from Bank Mandiri customers. Ordinary citizens are also in danger.
At the aforementioned CSI event, conference panelists presented intriguing ideas regarding the human dimension of cybersecurity. Tony Seno Hartono of Microsoft Indonesia stated the weakest link in the cybersecurity of an organization is the user, not the security measures.
Agung Nugraha from BSSN also said user awareness was the weakest link in the chain of security in Indonesia. Indeed Bank Indonesia has seen a 66 percent rise of network misuse to steal financial data for electronic transactions in 2015.
In neighboring Vietnam, “phishing”, malware disguised as emails that will bait the target to open it and spread a virus, is reported as the form of most cyberattacks in the country.
In addition, the proliferation of fintech startups here have also induced a negative excess, notably the peer-to-peer lending startups operating without permits from the Financial Services Authority.
The lending startups operate without clear boundaries and with unreasonably high interest rates, targeting less-educated citizens who desperately need loans and are unaware of the terms and conditions.
As a result, 283 cases were reported by legal aid advocates since 2016 in which people complained that their lenders were able to access their phone contacts and through debt collectors would demand money from their close relatives.
There is clearly a breach of privacy issue through electronic means. However, many are still attracted to the means of lending as the procedure is easy and does not require collateral.
Thus, the government and the private sector must not only focus on cybersecurity regulations and capability that only protect their interests. If we want to create a digitalized and people-centered ASEAN, we must also focus on the protection of ordinary citizens.
We can start with public campaigns with two objectives: first, to educate people on personal cyberhygiene and, second, to raise awareness of cyberregulation and how it can protect us. Cyberhygiene is a practice that we can apply in our daily lives.
Digital Guardian, a tech company specializing in cyberthreat detection and response, wrote a simple data protection 101 that teaches practices such as listing all the hardware, software and applications that we use, subsequently doing a run-through to decide which of the equipment or apps we rarely use and can dispose of, regularly changing passwords, updating software and hardware, documenting every installed program, regularly backing up data and limiting users of our hardware and software.
This is the right time to raise awareness of personal cyberhygiene as the Communications and Information Ministry issued Regulation No. 20/2016 on protection of personal data in electronic systems, while also expediting the drafting of a personal data protection bill.
We can also raise awareness of cyber-related policies and agencies to ensure we can benefit from digitalization while knowing the risks and how to protect ourselves.
For example, the aforementioned regulation reveals how our data should be used by telecommunications companies and whether those peer–to-peer lending companies have the right to access our contact information. Indonesia also has a Computer Emergency Response Team that the public can report to regarding cyberincidents.
Lastly, we can report cybercrimes like online scams to the cybersecurity unit of the police for further assistance.
The writer is a graduate in political science from Parahyangan Catholic University, Bandung and is a research assistant at the Centre for Strategic and International Studies, Jakarta.