Our explanations will provide an overview of the cyber security landscape in Indonesia, help you understand the role of penetration testing, and answer the following questions:
Cyberattacks in Indonesia have been increasing and becoming more sophisticated in recent years. One major attack targeted a large e-commerce company, where the personal data of millions of users was exposed, including sensitive information like phone numbers and home addresses. Additionally, a fintech company fell victim to ransomware, crippling its business operations for several days and forcing them to pay a ransom in cryptocurrency.
Not only private companies, but Indonesian government institutions have also become targets of increasingly intensive cyberattacks. In early 2024, a Distributed Denial-of-Service (DDoS) attack targeted several ministry websites, and the Bitlocker hacker group successfully shut down the Temporary National Data Center (PDNS), disrupting access to online public services for days. These threats come not only from cybercriminals but also from groups with political motives.
According to the latest report from BSSN (Badan Siber dan Sandi Negara) and the ENISA Threat Landscape 2024, the financial, transportation, and energy sectors are the most vulnerable in Indonesia. The report emphasizes the growing threat of attacks based on the Internet of Things (IoT) and Artificial Intelligence (AI), where hackers use AI to launch faster, more difficult-to-detect automated attacks.
Companies in Indonesia need to take proactive steps to enhance their cyber security. The use of AI-based security tools to detect anomalies, the implementation of strict security policies, and employee education on phishing and other cyberattacks must be top priorities.
The annual report from BSSN shows a drastic increase in the number of cyberattacks in 2024, particularly attacks aimed at stealing sensitive data and demanding ransom through ransomware. It is crucial for every organization to have an emergency recovery plan and to regularly back up data.
Cyber security is no longer just the responsibility of the IT department; it must involve the entire organization, from top management to operational-level employees. Don't wait until you become a victim. Strengthen your company’s cyber security now!
As of 2024, data breaches remain one of the most critical threats faced by organizations globally, including in Indonesia. The rapid growth of digital services, cloud adoption, fintech, and e-commerce has made cyberattacks more frequent and increasingly sophisticated.
Data threats generally fall into two categories: data breaches and data leaks. A data breach occurs when cybercriminals deliberately gain unauthorized access to sensitive or confidential data.
Ransomware & Supply Chain Attacks
Ransomware continues to dominate, with attackers encrypting critical data and demanding ransom. Supply chain attacks are also rising, exploiting weak third-party vendors and impacting multiple organizations at once.
Industry-Specific Risks
Cyber Attacks in Indonesia
According to BSSN, Indonesia recorded over 2 billion anomalous cyber activities in 2023, dominated by malware, phishing, and social engineering attacks — a trend that continues into 2024.
To stay ahead of evolving threats, organizations should:
1. Government Data Breach (DJP)
In 2024, Indonesia’s Directorate General of Taxes (DJP) suffered a major data breach exposing millions of taxpayer records, including NIK, NPWP, and financial data. The incident raised serious concerns over government data security.
2. Crypto Exchange Breach (Indodax)
Indonesia’s largest crypto exchange, Indodax, experienced a hot wallet breach, resulting in losses of approximately IDR 280.2 billion. The attack highlighted critical risks within digital asset platforms.
3. Ransomware Attack on National Data Center (PDNS2)
PDNS2 was hit by a BitLocker ransomware attack, encrypting government data and disrupting public services nationwide. The incident exposed vulnerabilities in national cloud infrastructure.
4. Escalating Cyber Threats in Indonesia
According to BSSN, Indonesia recorded over 2.3 billion anomalous cyber activities in 2024, dominated by ransomware, malware, phishing, and social engineering attacks targeting critical infrastructure.
Broadly speaking, there are four categories of cybersecurity threats.
1. State-sponsored actors
Target: the entire computer system
State-sponsored actors carry out attacks on behalf of the state and will generally be sponsored or supported by government entities. The main target is an entire computer system with cyberwarfare/espionage motivations for political, economic, and/or military agendas. These perpetrators are known to play the "long game", where they will use a number of tactics to secretly access systems and networks, then explore those systems for months or years.
2. Cybercriminals
Target: The company.
Cybercriminals are malicious actors who carry out a number of data breaches and are motivated to receive certain financial benefits from this endeavor. They will attack a variety of specified targets using a variety of techniques ranging from phishing, ransomware, cryptominers, remote access Trojans, exploit kits, social media, data/financial theft, extortion, and blackmail. The goal is to steal personally identifiable information (PII) such as credit card numbers, account credentials, and NIK (Identity Number) and then monetize it on the black market (Dark Web).
3. Hacktivist
Target: government agencies, companies, and individuals.
Hacktivists' targets range from government agencies and companies to individuals. They generally carry out attacks for political, social, or economic reasons. Like other malicious actors, hacktivists use a number of techniques, including malware, DDoS attacks, and web page defacement. Through these techniques, they can expose information and corner the target in question. One example of a hacktivist group is Anonymous.
4. The Lone Wolf
Target: the company/financial institution and its network.
The Lone Wolf carries out a number of attacks on financial institutions and their networks. The goal is of course to gain financial benefits and gain network access. These types of hackers are difficult to catch because they will generally work individually and operate within the black market (Dark Web). In addition, they also sell malware to other hackers.
Research has revealed that 45% of data breaches occur within the cloud. This is due to a lack of data protection and increasingly sophisticated exploitation techniques, which have increased the amount of data successfully compromised. In addition, Covid-19 made remote working increasingly common, which encouraged more cyberattacks. As a result, cyberattacks continued to increase during 2020 and 2021, not only in number but also in the impact they caused.
The SANS Institute has noted that in recent years there have been about 74,000 employees, contractors and suppliers affected by data breaches due to stolen company laptops. This is exacerbated by the fact that the data in it is not properly encrypted. A survey also revealed that in 2020, 26% of ransomware attack victims paid a ransom to get their data back. This number has risen to 32% in 2021.
Cyberattacks affect many parties, including companies, institutions, customers, and the company's own employees. The losses can include damage to and destruction of data, stolen money, loss of productivity, intellectual property theft, theft of personal and financial data, embezzlement, fraud, post-attack disruption of business activities, forensic investigations, data and system recovery, and reputational damage.
45%: Breaches occurring in the cloud
74K: Employees, contractors, and suppliers affected because laptops were stolen and the laptop data was not properly encrypted
32%: Ransomware attack victims who paid a ransom to retrieve their data in 2021
Ransomware is a type of malicious cyberattack in which an attacker encrypts an organization's data and demands a ransom payment to restore access. In some cases, attackers also steal organizational information and request additional payments in exchange for not disclosing it to authorities, competitors, or the public. According to ETL 2021, the average ransom requested more than doubled in 2020 to $170,000, up from around $80,000 in 2019.
Regarding data breaches, IBM Security's IBM Cost of a Data Breach Report 2022 revealed that the total global average cost of a data breach increased to USD 4.35 million in 2022. IBM also revealed that the top 5 industries by average cost of a data breach are healthcare in first place ($10.10), followed by the financial sector ($5.97), pharmaceuticals ($5.01), technology ($4.97), and energy ($4.72).
In Indonesia, the Financial Services Authority (OJK) once mentioned that cyberattacks on banks in Indonesia caused losses worth IDR 246 billion between the first semester of 2020 and the first semester of 2021. Over the same period, the potential losses that could arise were valued at IDR 208 billion. Furthermore, based on 2020 data from the International Monetary Fund (IMF), the estimated total average loss experienced by the financial services sector globally due to cyberattacks can reach USD 100 billion, or more than IDR 1,433 trillion. Cybersecurity Ventures has also stated that the total estimated cost of damage globally will grow by 15% per year over the next five years and reach $10.5 trillion per year by 2025.
Hackers commonly lock a system and then ask for a ransom before it can be accessed again. Cyberattacks can also occur because of vulnerabilities or loopholes in the software a company uses. With the proliferation of cyberattacks, companies increasingly need to improve the resilience of the systems they use. Cyber security services are increasingly needed to anticipate the risk of attacks amid the digitalization trend across industrial sectors.
Ransomware ransom demands have more than doubled.
The average total losses experienced by the global financial services sector reached USD 100 billion or more than IDR 1,433 trillion.
Damage related to cyber crime is projected to increase by 15% per year over the next 5 years, reaching $10.5 trillion per year by 2025.
Losses reached IDR 246 billion due to cyber attacks in Indonesia's banking sector from the first semester of 2020 to the first semester of 2021.
The top 5 industries with the highest loss costs due to data breaches in 2022:
HEALTHCARE ($10.10)
FINANCIAL ($5.97)
PHARMACEUTICAL ($5.01)
TECHNOLOGY ($4.97)
ENERGY ($4.72)
Currently, 74% of companies have more than 1,000 very sensitive data archives, of which 21% are not adequately protected. In addition, 41% of companies have more than 1,000 sensitive files, including credit card numbers and other financial records, that are not well protected. Furthermore, based on Varonis data, 65% of companies have 500 users who have never changed their passwords.
Verizon's Data Breach Investigations Report (DBIR) 2021 revealed that as many as 85% of data breach cases involve a human element. This shows that hackers often take advantage of mistakes made by humans, knowing that humans can be the weakest link in the security system. This is what makes social engineering attacks and miscellaneous errors (such as when employees accidentally compromise the company's data) the main methods exploited by hackers.
In 2020, adware-type malware also became increasingly common on Android devices. The State of Malware Report 2021 reported 704,418 detections of HiddenAds malware on Android devices, an increase of almost 149%. This malware generally infects a system because users have unknowingly installed legitimate applications bundled with it. The second cause is vulnerabilities in the software or operating system used, which hackers then exploit to plant malware.
In the first quarter of 2021, the volume of cryptojacking infections also reached a record high compared to recent years. Statistics have shown that during the first quarter of 2021, infections increased by 117%.
74%: Companies with over 1,000 sensitive files.
21%: Share of all files that are not protected in any way.
41%: Companies with 1,000 sensitive files, including credit card numbers and other financial records, that are not well protected.
65%: Companies with over 500 users who have never been asked to change their passwords.
85%: Data breach cases involving human error.
149%: Increase in HiddenAds malware, detected 704,418 times on Android devices.
117%: Increase in cryptojacking infections.
In 2024, Indonesia officially enacted the Personal Data Protection Law (UU PDP) to provide stronger protection for citizens' personal data in the digital age. This law requires companies and institutions, both public and private, to comply with stricter standards for data management and protection.
Non-compliance with the UU PDP can result in severe penalties, including hefty fines and criminal charges. With the implementation of this law, individuals will have greater control over their personal data, while companies must upgrade their cybersecurity infrastructure to prevent data breaches. The UU PDP aims to boost public trust in digital services and enhance data security across all sectors in Indonesia, especially given the increasing number of cyberattacks targeting sensitive data.
Penetration testing, often shortened to “pentest”, is the term used for security testing performed on a system, application, or network. Penetration testing involves cybersecurity specialists who actively attempt to exploit vulnerabilities in a system or network.
These activities are carried out to find out whether the system's overall security protections have loopholes, so that the holes can be corrected immediately by patching. The aim is to make the system or application being tested as resistant to penetration as possible. In addition to conducting testing, pentest services also document the security level of the system or application tested, for reporting to the company or customer.
Before a penetration test is conducted, there will usually be a contract between the auditor or pentester and the company that wants its application or system tested.
Cyber Security Inspection
Cyber Security Inspection refers to the process of examining systems, networks, or software with the goal of identifying vulnerabilities or potential security risks. This is an initial stage that helps pinpoint potential security issues.
Vulnerability Assessment
Vulnerability Assessment involves a more in-depth analysis of discovered vulnerabilities, including an understanding of how these vulnerabilities could be exploited and their impact on the company. The goal of vulnerability assessment is to provide a more comprehensive picture of the risk level a company faces concerning specific vulnerabilities.
Vulnerability Scanner
A Vulnerability Scanner is software that automatically scans systems or networks to discover vulnerabilities that attackers could potentially exploit. Companies can utilize Vulnerability Scanners to scan software, configurations, or infrastructure that may exhibit potential security gaps.
Penetration tests are performed to identify whether an application, computer system, or network has security weaknesses. If a flaw is found and confirmed through risk analysis, you will have time to repair the system before someone irresponsible takes advantage of the weakness. With good security systems in place, the company's sensitive data can be protected, which helps the company avoid unnecessary expenses and losses in the future.
Penetration testing techniques present several key advantages, including: