Markets & Money
Cyber Vulnerability Exposed: Indonesia's Banking
Indonesia's banking sector faces rising cyber threats, with an 85% increase in email attacks in Q3 2023. Bank Syariah Indonesia (BRI) has been criticized for inadequate security, as customers report significant losses from digital fraud, highlighting the need for stronger protections.
An Alarming Increase In Cyber Attacks Puts The Spotlight On BRI's Security Measures
Indonesian citizens facing cyber thefts find themselves with minimal support from either financial institutions or law enforcement agencies.
At the heart of this distressing trend is Bank Syariah Indonesia (BRI), the nation's premier bank, where a significant number of customers have reported their savings being wiped out due to digital fraud.
This phenomenon is not isolated but indicative of a broader surge in cybercrime within Indonesia.
A report by Al Jazeera highlights an alarming 85% increase in email account attacks across Indonesia during the third quarter of 2023, as per Surf Shark, a cybersecurity firm based in the Netherlands.
This rise comes in stark contrast to the declining rates of similar breaches in other countries, including the US and Russia, underscoring the heightened vulnerability of Indonesian government banks to cyber threats.
Victims like Nih Lu Putu Rustini and I Made Rai Dwi Ada Diatmika have shared their distressing experiences, having lost significant sums of money from their BRI accounts.
Rustini, for instance, discovered her savings had disappeared when she attempted to withdraw money, only to be told by a bank teller that a hacker had stolen her funds. Similarly, Diatmika found his account emptied, with BRI denying any responsibility for the loss.
Their stories highlight a critical issue within BRI's digital security framework, raising questions about the bank's ability to protect its customers.
The cybersecurity challenges facing Indonesia are underscored by its low ranking among G20 nations in cyber threat prevention and management.
This vulnerability is attributed to what experts like Gatra Priyandita from the Australian Strategic Policy Institute describe as "poor digital hygiene" among Indonesians, who are increasingly online but lack awareness about cybersecurity.
In response to these challenges, BRI has asserted its commitment to international cybersecurity standards and the deployment of sophisticated technologies, including artificial intelligence, to detect and prevent fraud.
"Our commitment to data security is evident in our internal policies and the establishment of the CISO. We consistently upgrade network security and utilise advanced technologies like Data Loss Prevention (DLP) to strengthen our defences," stated Arga M. Nugraha, BRI’s Director of Digital & Information Technology.
Gatra Priyandita suggests, "Australia should intensify its bilateral cyber engagements as a means of supporting a cyber-resilient Southeast Asia. Working with some of the more cyber-mature countries of ASEAN (such as Singapore and Malaysia), as well as other countries in the region (like Japan and South Korea), Australia could pool resources for cyber capacity-building and establish a platform for cyber intelligence sharing.”
Reflecting on the vulnerability of financial institutions to cyber threats, BRI’s head of information, Muharto, stated at a Jakarta forum,
“Banks are targets because banks are where the money is.”
Despite these measures, the bank emphasises the importance of customer vigilance in protecting personal and banking information. Yet, as the cases of Rustini and Diatmika show, there's a pressing need for more effective protections and responses from financial institutions when breaches occur.
The challenges faced by victims in seeking redress, highlighted by the limited resources for investigation and legal action, point to a broader issue of resource allocation and prioritisation within Indonesia's cybersecurity strategy.