The case added to a long list of cybersecurity threats in Indonesia, where the National Cyber and Encryption Agency (BSSN) reported 22,750 malware attacks with more than 98 million cyber-attacks throughout 2019, a significant jump from around 12 million in 2018 and 8 million in 2017.

Despite the continued rise in attacks, global studies show that Indonesia has been improving its cybersecurity measures. The International Telecommunication Union's (ITU) Global Cybersecurity Index ranked Indonesia the 41st most cyber-secure country out of 175 with a score of 0.776 out of 1 in 2018, a significant increase from the 70th place with a score of 0.424 in 2017.

On Tuesday, the United Kingdom-based technology researcher Comparitech published a study that showed a significant improvement in Indonesia’s cybersecurity, where the country jumped from the second-worst place for cybersecurity to 55th place out of 76 surveyed countries.

The study also quoted the ITU and Center for Strategic and International Studies' index on cybersecurity preparedness and legislation.

“Indonesia’s score improves dramatically, going from 54.89 last year to 31.33 this year,” the survey results say, as the country recorded fewer users affected by attacks caused by financial malware, computer malware, and crypto miners,” the report says.

Seeing the improvement in global ranking, experts have attributed it to the establishment of the BSSN in 2017, which has changed the country’s cybersecurity game by assigning a dedicated agency to combat and consolidate efforts to prevent cyber threats.

Before its establishment, an overlap in authority among the Communications and Information Ministry, State Intelligence Agency (BIN), Foreign Ministry, Defense Ministry and the National Police in handling cybercrime cases led to calls for a coordinating agency.

But the experts agree that Indonesia’s cybersecurity is still a long way from perfect as seen in the increasing number of cybercrime cases each year. Even though Indonesia has shown a significant improvement, the Comparitech study still places the country as the 21st-worst place for cybersecurity.

Institute for Policy Research and Advocacy (ELSAM) researcher Wahyudi Djafar said that the BSSN establishment also called for more regulations on cybersecurity.

“The problem is that Indonesia does not yet have a comprehensive national strategy on cybersecurity. There is institutional regulation [with the establishment of BSSN], but the national strategy does not yet exist,” he told The Jakarta Post on Wednesday, comparing Indonesia with Singapore, which had a cybersecurity strategy and ranks higher in both cybersecurity ranks.

Wahyudi said the long-awaited cybersecurity and resilience bill could provide a legal basis for the formulation of a national cybersecurity strategy as the House of Representatives has included the bill in its 2020-2024 National Legislation Program.

He added that the cybersecurity bill should stick to improving the essentials of cybersecurity, particularly sensitive-information confidentiality, data integrity and cybersecurity infrastructure availability, while ensuring it does not limit other authorities and rights, as the bill has been criticized for potentially cutting civil liberties and individual privacy.

“We [have to] design the cybersecurity bill with the focus of achieving the objectives of cybersecurity itself, not to widen the context for broader restrictions that that will restrict civil liberties,” Wahyudi said.

The improvement in rankings also might not reflect the real-world situation as major cybersecurity breaches are still happening in the country.

“We are grateful that [the Comparitech study] shows fewer financial transaction breaches, but we have to keep in mind that two large e-commerce firms in Indonesia, Tokopedia and Bukalapak, experienced a data breach in 2019,” the Communications and Information System Security Research Center (CISSReC) founder and chairman Pratama Persadha told the Post.

“There was indeed no transaction breach, but the data will definitely be traded on the dark web. It can contain many things, even credit card information.”

Lack of public awareness has also become an issue in keeping the country cyber-safe.

“Our people still cannot recognize it when they experience cyber-attacks,” Indonesia Cyber Security Forum chairman Ardi K. Sutedja told the Post. “They need appropriate and easy-to-understand directions to protect themselves from cyber barriers, challenges, threats and disruption.”

Ardi suggested that the government, mainly the Communications and Information Ministry, the BSSN and the National Police partner with businesses, telecommunications operators, civil society and players in the education sector to educate about the importance of data protection and privacy “in order to build a sustainable cyber resilience”.

Wahyudi also called for a fast and secure network that can be freely accessed, as most people still use outdated system software and applications in their personal devices.

“Even though internet access in the country is good now, people only update their applications when they can access a Wi-Fi network as data plans are expensive,” he said. “But the security of the public Wi-Fi that people use to update their systems and apps is questionable as well.”

Public Wi-Fi connections that are freely available in Indonesia are not always secure, and using them risks data breaches for sensitive information, such as banking transactions done through those connections.

“This shows the poor information literacy in Indonesia,” he said. “It’s not merely about being able to use our smartphone, but how can we keep it updated and use it properly.” (mfp)

Popular

To my horror, it’s just a movie!

RI, Australia strengthen partnership on taxing crypto assets

Pentagon chief congratulates Prabowo on being elected President