The Jakarta Post
IBM Indonesia, a wholly owned subsidiary of American technology giant IBM, has called for companies to step up cybersecurity measures and to communicate digital safety to employees in light of the increase in cyberattacks during the "remote working era" of the pandemic.
IBM Security, the multinational's global cybersecurity division, reported an increase of more than 6,000 percent in coronavirus-related spam, including virus-themed malware, malicious domains and phishing scams in March-May.
Companies might still be reluctant to increase their cybersecurity budget for the duration of the work from home (WFH) period, as it would not directly affect their revenue albeit its importance, IBM Indonesia president director Tan Wijaya said.
“If you ask me when should companies invest in security, I would say yesterday. Investing in security is like investing in insurance. Sometimes people realize that they need one [only] when there has been an attack. This is the mindset that needs to change," Tan said at a virtual press conference on June 18.
He said that businesses with a high number of users or data traffic were more susceptible to cyber threats, regardless of the industry.
Indonesia started relaxing the large-scale social restrictions (PSBB) for certain regions in early June, allowing offices to reopen at 50 percent capacity as a health precaution after nearly three months of closure to contain the spread of COVID-19.
Meanwhile, the National Cyber and Encryption Agency (BSSN) said that Indonesia had recorded more than 88 million cyberattacks during the first four months of the year, with March seeing the highest average of daily attacks. More than half of the cyberattacks were Trojan horses, or malware designed to look legitimate, followed by phishing scams and web application attacks.
In May, three Indonesian e-commerce platforms reportedly experienced data breaches that stole their customers' details, which were then sold on the dark web.
Tan said that IBM Indonesia had received more requests from the country’s financial services industry for its security solutions, including cloud adoption, signalling a high awareness of cyber threats in the sector.
Meanwhile, a 2018 PricewaterhouseCoopers survey shows that Indonesian banks have considered cybersecurity threats as the biggest risk to the industry since 2018, and that it would be the major risk to digital banking for the next two to three years.
“Going into the post-pandemic era, artificial intelligence, data technology and multi-cloud [applications] will grow bigger as an ecosystem. It will be important for businesses in every industry to create an efficient digital environment,” said Tan, adding that IBM saw global cloud adoption grow 34 percent year-on-year in the first quarter.
Besides installing the necessary infrastructure, Tan suggested that companies educate their employees on basic digital safety, such as avoiding emails, website links or downloads from unknown sources.
Similarly, associate partner Aman Dhingra of McKinsey & Company Singapore said that communicating with employees was a crucial step in maintaining information security while working remotely.
“Building a ‘human firewall’ will help ensure that employees play a part in keeping the enterprise secure,” he said in a written statement.
Dhingra added that companies should assess security controls at their third-party partners and adopt technologies such as virtual private networks (VPNs), cloud computing interface and multifactor authentication.
Meanwhile, Nurul, a 26-year-old employee at an online booking agency, said that the company where she worked had been disseminating information on digital security even before the COVID-19 pandemic emerged.
The company required its employees to use a particular VPN service when accessing its booking portal and to set up a unique password of more than 10 characters, she told The Jakarta Post by text message on June 19.
“I have not personally experienced any cyber threats, but there was an instance when one of our executive’s email [address] was used to send spam to an internal group,” Nurul said. She said that the company immediately followed up with a memo to ignore the spam email.