Financial institutions in Indonesia facing a crisis due to the rise in cyber-attacks

Source – Shutterstock

Financial institutions in Indonesia facing a crisis – as being the second most attacked industry

  • In the last six months, attacks on FSI firms in Indonesia were 252% more than the global average
  • Indonesia experiences more attacks than other countries because attackers are more successful there

For years, the financial sector has been under attack. Particularly now, with the advent of digital banking and the acceleration of digital transformation, there are new and increased security concerns – igniting a crisis among financial institutions. Criminals are focusing on trusting online consumers and developing increasingly sophisticated scams to take advantage of them.

This has resulted in significant problems and concerns for both people and organizations. Just recently, Check Point® Software Technologies Ltd., a major global provider of cyber security solutions reported that the finance and banking sector in Indonesia is now the second most attacked industry in the country, up from third place in 2021.

The last six months saw 2,730 attacks against Indonesian financial institutions every week on average, 252% greater than the global average of 1,083 attacks. The finance and banking sector is the sixth most frequently attacked industry globally.

The scale of the attack crisis on the financial sectors 

According to Deon Oswari, Country Manager, Check Point Software Technologies, Indonesia has greater attack rates than other countries simply because attackers are more successful there. Before the market can respond, an attacker who discovers a means to deceive people or compromise systems will quickly grow their operations to exploit the vulnerability.

“In the case of Indonesia, Check Point Research is seeing increased attacks on its mobile banking platforms and applications. It is critical that the banking industry be vigilant and review their best practices. The more you know about the threats and risks out there, the better FSI companies are placed to be able to take action and implement controls,” commented Oswari.

In light of this, the Central Bank of Indonesia recently reported that a ransomware attack has affected its network. Before encrypting the systems, threat actors stole non-critical data about the bank’s employees. Following the disclosure of a portion of the purportedly stolen files, renowned hacker organization Conti Ransomware claimed responsibility for the attack.

In order for ransomware to work, cybercriminals must first get access to a target system, encrypt the files, and then demand a ransom from the victim. Phishing emails, one of the most popular ways for ransomware to be sent, are one method to get into the system. In fact, Check Point Research discovered that in the past 30 days, 92% of the malicious files in Indonesia were distributed by email. An entire business can be held hostage with only one uninformed employee opening a link in a phishing email.

According to Oswari, threat intelligence and quick reaction capabilities are essential in the current environment of ransomware, supply chain attacks, and the ongoing struggle against newly developed malware.

“Comprehensive intelligence to proactively eliminate threats, managed security services to monitor your network, and incident response capabilities to quickly respond to and resolve attacks, are all crucial to keeping your business up and running in 2022,” continued Oswari.

The government of Indonesia concurs with this. Since 2021, the Financial Services Authority of Indonesia (OJK) has urged the financial services sector to strengthen risk management and information technology governance. OJK also unveiled a plan for Indonesia’s banking industry through 2025, which was created to assist the development of digital banking and reinforce the foundational elements of cybersecurity law and policy.

According to Oswari, many businesses try to create their security using a patchwork of one-use solutions from many suppliers, but they frequently fail and are left with security gaps brought on by incompatible technologies. Due to the fact that it relies on utilizing multiple systems and vendors rather than a single integrated solution, this method also results in significant overhead.

Having said that, the financial services industry needs to rethink cybersecurity for a time when technologies, business opportunities, and risks are evolving quickly. This includes maintaining security hygiene, implementing the principle of least privilege, taking a preventative approach, addressing all attack vectors, and keeping threat intelligence up to date.