According to the National Cyber and Encryption Agency (BSSN), cyberattacks in Indonesia almost doubled to more than 495 million cases in 2020, the highest figure ever recorded by the agency, established in 2017.
The work-from-home (WFH) arrangement aimed at curbing COVID-19 transmission exposes companies to cyberthreats as unaware employees connect to office networks from personal computers, experts have warned.
BSSN spokesperson Anton Setiawan told The Jakarta Post that the COVID-19 pandemic played a role in the sudden increase in cyberattacks. He said the outbreak, specifically the WFH mandate, had forced both businesses and government institutions to conduct operations through digital channels.
Working from outside the office strips employees of centralized cybersecurity protection provided by the company as they use personal or even public networks to access office systems, leaving the latter more vulnerable to attacks.
“WFH definitely increases the cybersecurity risk. Previously, [employees would work] within a clear and tight office network,” Anton said on Wednesday.
“Organizational resources that were previously closed and limited must be opened [to allow remote access].”
Tan Wijaya, president director of IBM Indonesia, a wholly owned subsidiary of United States technology giant IBM, shared the same concern, saying companies in Indonesia and other countries faced a “significantly higher” risk during the WFH period.
Most private networks do not have adequate security features, he explained. Ideally, networks used for work purposes should be separated from personal use, but WFH means family members may run software other than office applications on connected computers.
“These possibilities increase the risk for cyberattacks,” Tan told the Post by email on Thursday.
Noting the human factor in cyberthreats, Tan suggested companies train their employees on security awareness, ensure that “the right user has the right access” through methods like multifactor authentication and identity management and conduct a risk assessment regarding the WFH implementation.
“We recommend collaborating with technology companies that provide not only security tools but also security awareness training and understanding,” Tan said.
Horangi, a Singapore-headquartered cybersecurity company, identified misconfigured cloud infrastructure as one of the most prominent factors behind the increasing cybersecurity risk, but one often overlooked by organizations, with dire consequences.
Horangi’s analysis of more than 1 million cloud infrastructure configurations in Southeast Asian organizations found around 25 percent contained flaws that could be used as attack vectors to gain unauthorized access to an organization’s network.
In a company statement, Horangi CEO and cofounder Paul Hadjy pointed to surveys suggesting that most people would like to continue working remotely after the pandemic, increasing the risk of attacks as cybersecurity infrastructure becomes more complex and prone to mistakes.
Reliance on virtual platforms and communications in remote working models increased the attack surface for bad actors, which could lead to an uptick in phishing as well as ransomware attacks, Horangi Indonesia country manager Darryl Chuan told the Post on Thursday.
To mitigate the risk, organizations should implement processes and technology that support security controls, such as security awareness training, harden endpoint security and prepare their response to potential incidents, including data leakage.
Yohanes Syailendra, a Jakarta-based information security consultant with more than 10 years of experience in the field, told the Post on Tuesday that WFH arrangements could increase the risk of phishing, in which attackers masquerade as trusted entities and get victims to click on links or download software.
Deloitte, a consultancy and advisory company, confirmed that attackers were seeing the pandemic as an opportunity to step up their criminal activity, including by capitalizing on COVID-19-related news or content. Deloitte cited a 2020 survey by Tessian that found that more than 47 percent of individuals fall for phishing scams while working from home.
Even before the WFH arrangement necessitated by the coronavirus pandemic, companies in Indonesia were generally deemed to be ill-prepared for cyberattacks, as many failed to tick four boxes of IT security, Yohanes explained, namely identification, protection, monitoring and fast response. Companies excelling in one or two of these may still be at risk, because cybersecurity depended on several layers of protection, he noted.
Banking and financial technology companies were generally the most prepared, Yohanes said, as they were also consistently the most targeted, while security at many other firms, large and small, was often left wanting.
In cyberattacks on firms with more than 1,000 employees, the median cost to the company was US$24,000, but in some cases it exceeded $400,000, while small firms of up to 10 employees suffered median losses of $8,000, though some lost more than $300,000, according to the Hiscox Cyber Readiness Report 2021 on firms in eight countries, including the US, Germany and Ireland.
“I advise companies to prioritize cybersecurity […] This is a risk. Therefore, it should be mitigated [before causing harm to businesses],” Yohanes said.
This was exacerbated, Yohanes said, by the fact that over the past two years attackers had been increasingly targeting companies in Indonesia, a country relatively rarely targeted before, with ransomware being one of the most common threats.
Beyond banks and fintech, attackers also eyed hospitals, pharmaceutical companies and other health-related firms, he said, noting that those companies had witnessed an increase in cyberattacks during the pandemic, particularly in Europe and Singapore.