Our explanations will provide an overview of the cyber security landscape in Indonesia, help you understand the role of penetration testing, and answer the following questions:
LOGIQUE Aims to Assist you in Finding Answers to the Above Questions
Cyberattacks in Indonesia have been increasing and becoming more sophisticated in recent years. One major attack targeted a large e-commerce company, where the personal data of millions of users was exposed, including sensitive information like phone numbers and home addresses. Additionally, a fintech company fell victim to ransomware, crippling its business operations for several days and forcing them to pay a ransom in cryptocurrency.
Not only private companies, but Indonesian government institutions have also become targets of increasingly intensive cyberattacks. In early 2024, a Distributed Denial-of-Service (DDoS) attack targeted several ministry websites, and the Bitlocker hacker group successfully shut down the Temporary National Data Center (PDNS), disrupting access to online public services for days. These threats come not only from cybercriminals but also from groups with political motives.
According to the latest report from BSSN (Badan Siber dan Sandi Negara) and the ENISA Threat Landscape 2024, the financial, transportation, and energy sectors are the most vulnerable in Indonesia. The report emphasizes the growing threat of attacks based on the Internet of Things (IoT) and Artificial Intelligence (AI), where hackers use AI to launch faster, more difficult-to-detect automated attacks.
Companies in Indonesia need to take proactive steps to enhance their cyber security. The use of AI-based security tools to detect anomalies, the implementation of strict security policies, and employee education on phishing and other cyberattacks must be top priorities.
The annual report from BSSN shows a drastic increase in the number of cyberattacks in 2024, particularly attacks aimed at stealing sensitive data and demanding ransom through ransomware. It is crucial for every organization to have an emergency recovery plan and to regularly back up data.
Cyber security is no longer just the responsibility of the IT department; it must involve the entire organization, from top management to operational-level employees. Don't wait until you become a victim. Strengthen your company’s cyber security now!
In 2024, data breaches continue to be one of the most serious threats facing companies worldwide, including in Indonesia. Cyberattacks have become increasingly sophisticated, driven by the growing reliance on digital technology and the internet, as well as the expansion of cloud-based services, fintech, and e-commerce.
It is important to understand that, technically, threats against data can be classified as data breaches or data leaks. A data breach specifically refers to a cyberattack deliberately carried out by a cybercriminal to gain unauthorized access and expose sensitive, confidential, or protected data.
Threats against data consistently rank high among the top risks in ETL reports, and this trend has continued throughout the reporting period of the ETL 2024 report. The following image provides an overview of the timeline of incidents related to observed data threats.
Ransomware and Supply Chain Attacks Remain Dominant
Hackers are constantly exploring new attack techniques to breach corporate security systems. Ransomware remains a major threat, as attackers encrypt sensitive data and demand a ransom for its recovery. Additionally, supply chain attacks are increasing, where hackers infiltrate systems through insecure third-party vendors. These attacks can have widespread impacts, as a single breach in the supply chain can affect multiple companies.
Data Breach Trends Across Industries
Cyber Attacks in Indonesia in 2024
The National Cyber and Crypto Agency (BSSN) reported that in 2023, Indonesia experienced a drastic increase in cyberattacks, with over 2 billion anomalous traffic records. The most common types of attacks encountered were malware attacks, including phishing and social engineering that target unsuspecting users.
Increased Risk in the Healthcare Sector
Since the Covid-19 pandemic, the healthcare sector has become a prime target for cyberattacks. In 2024, with the growing use of telemedicine and digital health services, hackers continue to target highly sensitive medical data. According to ENISA reports, healthcare data breaches accounted for approximately 25% of all global data breaches this year.
Organizations need to stay vigilant and strengthen their cyber security infrastructure. Here are some important steps to take:
2024 has shown that cyber threats are on the rise. Taking proactive measures and involving the entire organization in safeguarding data security should be a top priority. Don’t let data breaches destroy your business’s reputation and operations.
In 2024, Indonesia continues to face a significant increase in data leak cases and cyberattacks that expose sensitive information from both government and corporate entities. Here are some of the most notable cases this year:
1. Data Leak at the Directorate General of Taxes (DJP)
In 2024, the Directorate General of Taxation (Direktorat Jenderal Pajak/DJP) experienced a massive data breach. Hackers gained access to a database containing millions of taxpayer records, including National Identification Numbers, Taxpayer Identification Numbers, tax reports, and other sensitive financial information. This breach affected both individuals and companies, raising concerns over the security of government-managed data. The DJP is currently working to strengthen its cyber security defenses and protect sensitive data from future attacks.
2. Indodax Transaction Incident
Indodax, the largest cryptocurrency exchange platform in Indonesia, experienced a security breach of its hot wallet in mid-2024. Hackers exploited vulnerabilities in Indodax's digital wallet system, stealing approximately 280.2 billion Rupiah worth of cryptocurrency assets. This incident highlighted the high risks digital currency platforms face and underscored the urgent need to enhance security protocols. Indodax responded by implementing emergency measures and tightening its security systems.
3. BitLocker Ransomware Attack on the Temporary National Data Center (PDNS2)
In 2024, the Temporary National Data Center 2 (Pusat Data Nasional Sementara 2/PDNS2), which serves as the primary repository for Indonesia's national government data, suffered a severe ransomware attack. Hackers used BitLocker ransomware to encrypt the data servers, blocking access to critical systems and demanding ransom payments in cryptocurrency. The attack caused widespread disruption to public services, exposed weaknesses in PDNS2’s cloud infrastructure, and triggered a national security crisis.
The government collaborated with cybersecurity experts to restore services, but the incident underscored the importance of protecting sensitive data from ransomware threats.
In 2024, BSSN reported a drastic increase in cyber threats in Indonesia, with over 2.3 billion instances of anomalous traffic or cyberattacks detected throughout the year. Malware attacks such as ransomware, trojans, and spyware remain the biggest threats, with ransomware specifically targeting critical infrastructure and important data, often demanding ransom in cryptocurrency. Additionally, phishing and social engineering attacks that steal personal information from internet users have also increased. One of the most significant incidents was the ransomware attack on PDNS2, which caused disruptions to public services. BSSN has urged companies and government agencies to strengthen their cyber defenses and raise awareness of these threats.
Broadly speaking, there are four categories of cybersecurity threats.
1. State-sponsored actors
Target: the entire computer system
State-sponsored actors carry out attacks on behalf of the state and will generally be sponsored or supported by government entities. The main target is an entire computer system with cyberwarfare/espionage motivations for political, economic, and/or military agendas. These perpetrators are known to play the "long game", where they will use a number of tactics to secretly access systems and networks, then explore those systems for months or years.
2. Cybercriminals
Target: The company.
Cybercriminals are malicious actors who carry out a number of data breaches and are motivated to receive certain financial benefits from this endeavor. They will attack a variety of specified targets using a variety of techniques ranging from phishing, ransomware, cryptominers, remote access Trojans, exploit kits, social media, data/financial theft, extortion, and blackmail. The goal is to steal personally identifiable information (PII) such as credit card numbers, account credentials, and NIK (Identity Number) and then monetize it on the black market (Dark Web).
3. Hacktivist
Target: government agencies, companies, and individuals.
Hacktivists’ main targets range from government agencies and companies to individuals. They generally carry out attacks for reasons that are political, social, or economic in nature. Like other malicious actors, hacktivists use a number of techniques, including malware, DDoS attacks, and web page defacement. Through these techniques, they can expose information and corner the target in question. One example of a hacktivist group is Anonymous.
4. The Lone Wolf
Target: the company/financial institution and its network.
The Lone Wolf carries out a number of attacks on financial institutions and their networks. The goal is of course to gain financial benefits and gain network access. These types of hackers are difficult to catch because they will generally work individually and operate within the black market (Dark Web). In addition, they also sell malware to other hackers.
Research has revealed that 45% of data breaches occur within the cloud. This happens because of a lack of data protection and increasingly sophisticated exploitation techniques, which have increased the amount of data successfully hacked and compromised. In addition, Covid-19 made remote working increasingly common, which encouraged more cyberattacks. As a result, cyber security attacks continued to increase during 2020 and 2021, not only in number but also in the impact they caused.
The SANS Institute has noted that in recent years there have been about 74,000 employees, contractors and suppliers affected by data breaches due to stolen company laptops. This is exacerbated by the fact that the data in it is not properly encrypted. A survey also revealed that in 2020, 26% of ransomware attack victims paid a ransom to get their data back. This number has risen to 32% in 2021.
Of course, cyberattacks affect many parties ranging from companies, institutions, customers, or even employees in the company itself. Perceived losses can include many things ranging from damage and destruction of data, stolen money, loss of productivity, intellectual property theft, theft of personal and financial data, embezzlement, fraud, post-attack disruption of business activities, forensic investigations, data and system recovery, to reputational damage.
45%: Breaches that occurred in the cloud.
74K: Employees, contractors, and suppliers affected due to stolen laptops and inadequate encryption of laptop data.
32%: Ransomware attack victims who paid a ransom to recover their data in 2021.
Ransomware is a type of malicious cyberattack in which an attacker encrypts an organization's data and demands a ransom payment to restore access. In some cases, attackers also steal organizational information and request additional payments in exchange for not disclosing it to authorities, competitors, or the public. According to ETL 2021, the average ransom requested more than doubled in 2020 to $170,000, up from around $80,000 in 2019.
Regarding data breaches, IBM Security, through the IBM Cost of a Data Breach Report 2022, revealed that the total global average cost of a data breach increased to USD 4.35 million in 2022. IBM also revealed that the top 5 industries by average cost of a data breach are healthcare in first place ($10.10), followed by the financial sector ($5.97), pharmaceuticals ($5.01), technology ($4.97), and energy ($4.72).
In Indonesia itself, the Financial Services Authority (OJK) once mentioned that cyberattacks on banks in Indonesia caused losses worth IDR 246 billion in the period from the first half of 2020 to the first half of 2021. In the same period, there were potential losses with a nominal value of Rp 208 billion. Furthermore, based on 2020 data from the International Monetary Fund (IMF), the estimated total average loss experienced by the financial services sector globally due to cyberattacks can reach USD 100 billion, or more than IDR 1,433 trillion. Cybersecurity Ventures has also mentioned that the total estimated cost of damage globally will grow by 15% per year over the next five years and reach $10.5 trillion per year by 2025.
Hackers will generally run a number of attacks such as by locking the system and then asking for a ransom so that the system can be accessed again. In addition, cyberattacks can also occur due to vulnerabilities or loopholes in the software used by the company. With the proliferation of cyberattacks, the need for companies to increase resilience to the systems they use is increasing. Cyber security services are becoming increasingly needed to anticipate the potential risk of attacks amid the digitalization trend carried out by various industrial sectors.
The demand for ransom in ransomware attacks has more than doubled.
The global average financial loss in the financial services sector has reached USD 100 billion, or more than IDR 1,433 trillion.
Losses reached IDR 246 billion due to cyberattacks in Indonesia’s banking sector during the period from the first half of 2020 to the first half of 2021.
Top 5 industries with the highest costs due to data breaches in 2022:
HEALTHCARE ($10.10)
FINANCIAL ($5.97)
PHARMACEUTICALS ($5.01)
TECHNOLOGY ($4.97)
ENERGY ($4.72)
The damages associated with cybercrime are projected to increase by 15% per year over the next 5 years, reaching $10.5 trillion annually by 2025.
Currently, as many as 74% of companies have more than 1,000 very sensitive data archives, of which 21 percent are not given good and qualified protection. In addition, 41% of companies also have more than 1,000 sensitive files, including credit card numbers and other financial records that are not well protected. Not only that, based on Varonis data, 65% of companies have 500 users who have never changed their passwords.
Based on data obtained from Verizon, the Data Breach Investigations Report (DBIR) 2021 revealed that as many as 85% of data breach cases involve human instigators. This shows that hackers often take advantage of mistakes made by humans, because they realize that humans can be the weakest link in the security system. This is what makes social engineering attacks and miscellaneous errors (such as when employees accidentally compromise the company’s data) the main methods exploited by hackers.
In 2020, adware-type malware also became increasingly present on Android devices. The State of Malware Report 2021 reported 704,418 detections of HiddenAds malware on Android devices, an increase of almost 149%. This malware generally infects the system because users have unknowingly installed certain legitimate applications bundled with it. The second cause is vulnerabilities in the software or operating system used, which hackers then exploit to plant malware.
In the first quarter of 2021, the volume of cryptojacking infections also reached a record high compared to recent years. Statistics have shown that during the first quarter of 2021, infections increased by 117%.
74%: Companies have more than 1,000 sensitive files.
21%: Of all files are not protected.
41%: Companies have 1,000 sensitive files, including credit card numbers and health records, that are not protected.
65%: Companies have over 500 users who have never been required to change their passwords.
85%: Data breaches involve human error.
149%: Increase in HiddenAds malware, with 704,418 detections on Android devices.
117%: Increase in cryptojacking infections.
In 2024, Indonesia officially enacted the Personal Data Protection Law (UU PDP) to provide stronger protection for citizens' personal data in the digital age. This law requires companies and institutions, both public and private, to comply with stricter standards for data management and protection.
Non-compliance with the UU PDP can result in severe penalties, including hefty fines and criminal charges. With the implementation of this law, individuals will have greater control over their personal data, while companies must upgrade their cybersecurity infrastructure to prevent data breaches. The UU PDP aims to boost public trust in digital services and enhance data security across all sectors in Indonesia, especially given the increasing number of cyberattacks targeting sensitive data.
Penetration testing, often shortened to “pentest”, is the term used when someone performs security testing on a system, application, or network. Penetration testing involves cybersecurity specialists who actively attempt to exploit vulnerabilities in a system or network.
These activities are carried out to find out whether the system’s overall security protections have loopholes, so that any holes can be corrected immediately by patching and the security of the system or application being tested can be made impenetrable. In addition to conducting testing, pentest services also document the security level of the tested system or application in a report for the company or customer.
Before a penetration test is conducted, there will usually be a contract between the auditor or pentester and the company that wants its application or system tested.
Cyber Security Inspection
Cyber Security Inspection refers to the process of examining systems, networks, or software with the goal of identifying vulnerabilities or potential security risks. This is an initial stage that helps pinpoint potential security issues.
Vulnerability Assessment
Vulnerability Assessment involves a more in-depth analysis of discovered vulnerabilities, including an understanding of how these vulnerabilities could be exploited and their impact on the company. The goal of vulnerability assessment is to provide a more comprehensive picture of the risk level a company faces concerning specific vulnerabilities.
Vulnerability Scanner
A Vulnerability Scanner is software that automatically scans systems or networks to discover vulnerabilities that attackers could potentially exploit. Companies can utilize Vulnerability Scanners to scan software, configurations, or infrastructure that may exhibit potential security gaps.
Penetration tests are performed to identify whether an application, computer system, or network has security weaknesses. If a flaw is found and can be confirmed through risk analysis, you will have time to repair the system before someone irresponsible takes advantage of the weakness. With a good security system in place, the company's sensitive data can be protected, which helps the company avoid unnecessary expenses and losses in the future.
Penetration testing techniques present several key advantages, including: