Mitigation Of Cyber Crime And Challenges Of Digitalization Of The Financial Industry
JAKARTA - The rapid development of digital technology has brought opportunities for the banking and financial industry to expand its business scope. Penetration and expansion of the market will certainly encourage the level of financial inclusion of people in the country. Unfortunately, these potential and development are also accompanied by the threat of cyber crime, which is also increasingly widespread and sophisticated.
The National Cyber and Crypto Agency (BSSN) noted that in 2021 there will be at least 1.6 billion cyber attacks. In Indonesia, the financial and banking industry is the industry most affected by ransomware attacks. In fact, the cyber attack has made one of the largest Islamic banks in Indonesia unable to operate for several days.
Furthermore, in 2023 BSSN predicts that the potential for cyber attacks will be more widespread, including ransomware, brech data, persistent threat attacks, and phishing.
Ransomware attacks are still a "scaring" phenomenon in the financial sector in 2023. BSSN noted, of the 160 million malware anomalies, 966,533 were indicated to be ransomware.
"Of the 160 million ramsomware anomalies, nearly one million are indicated to be malware ransomware," said Director of Cybersecurity and Crypto of Finance, Trade and Tourism, Deputy IV of BSSN, Edit Prima at The Finance Executive Forum The Future of Digitalization and Cyber Crime Mitigation Towards 2045, Tuesday, November 14, at Kempinski Grand Ballroom, Jakarta.
He revealed that cyber attacks related to ransomware came from various malware that were included in the top 10 ransomware ranks, including Luna Moth, WannaCry, Locky, LockBit, Darkside, Ryuk, Troldesh, Grandcrab, STOP, Aaurora. Based on data from SmallBiz Trends (2023), 1 in 4 companies affected by ransomware went bankrupt and 2 out of 4 companies lost their reputation.
"So of course this is our common homework that ransomsare is a significant threat," he said.
Due to these conditions, he said, there are various learning lessons for cyberattacks in ransomware cases in Indonesia, regarding People, Process and Technology. He detailed, from the people side, namely in an effort to increase security awareness for all organizations related to the use of information technology.
"Be aware of emails as an initial access or entrance to the means of distributing ransomware, especially emails with attachment executables," he explained.
Then, in terms of the process, namely improving organizational level cyber security governance and also ensuring updating antiviral device updates and updating other security perimeters. Including he said, improving patch management (Patch Management) policies, implementing least-privilege policies, limiting program executions from temporary folders, applying data/systrem backup and recovery
Not to forget, from the technology side, it increases the ability of Web Filtering. The most important thing in learning cyber attacks in Tanar Air, he said, is that it stems from a simple thing, namely our negligence as employees in using email accounts as long as they click without being noticed, even though it is dangerous.
"Not only emails, but also a lot on whatapps and other media," he concluded.
Following up on the increase in cases in the financial industry, the Financial Services Authority (OJK) issued the first special cybersecurity rules in Indonesia, namely rule Number 29/SEOJK.03/2022 regarding resilience and security from commercial banks. These rules include assessing and managing risks, data protection, planning responses to incidents, and employee capacity including appointing a special division of cybersecurity.
In this case, OJK also revealed a number of challenges that will be faced by the banking industry in making digitalization leaps.
"We see that this digital transformation will be experienced by all banks whether it is a commercial bank and then a BPR, then the BPD will face challenges that are not easy, there are 10 main challenges," said OJK Banking Supervision Chief Executive, Dian Ediana Rae.
Dian detailed that these challenges include leakage of customer data, this is important because the Personal Data Protection Act (UU PDP) is very strong and the sanctions are very heavy. Thus, this will be one of the big challenges when the industry makes digital leaps. Then, strategic risks include IT (technological information) investments that are not in line with business strategies.
"This is the use of IT, because the IT provider has many different systems and many frozen events are of course match with the need for a business strategy of each individual bank," he explained.
In addition, there are challenges with inadequate human resources (HR) where educational institutions have not produced many talents in the digital field.
"This is now a lot of demand by markets and even organizations like OJK are facing challenges competing with the private sector, who is the most powerful in paying is the one who gets IT experts," he said.
Furthermore, the increasing frequency of operational incidents and risks that arise, related to events and risks arising from IT systems, even in the US, provides a kind of evaluation and identifies systematically in cybersecurity.
"In the US itself, now the number one challenge to the economy in the US is cyber attacks related to cybersecurity, ransomware is even in the main sequence of issues. This is because the increment of the sophistication of technology used by cyber leaders is extraordinary and the spread is global," he explained.
Then the next challenge is low digital financial literacy, inadequate communication network infrastructure, inherent risk of IT implementation, including cyber attacks, and third-party risks. Also, regulations to encourage digital transformation and collaboration as well as keep dust safe and healthy, and increase the number of crimes and frauds made possible by cyberspace.
Meanwhile, PricewaterhouseCoopers (PwC) stated that there are four advances in digital technology that are expected to occur in 2045, including the existence of Artificial Intelligence (AI), Internet of Things (IoT), Blockchain, to Quantum Computing. What will happen in 2045? What kind of technological improvements will be in the future? The first is certain that all AIs are all artificial intelligence," added the Director of PwC, Budi Santoso.
Then, related to IoT, in the future technology will develop faster and faster, until the emergence of a new capital city that will be based on smart cities or smartcity.
"This blockchain is used in many areas, the difference is that the blockchain system with the system we are using now, everything is completely integrated and connected, so conducting, information hiding will be very difficult to do, everything will be confirmed with the legal distributor," he added.
Meanwhile, the other technological improvements that are expected to exist in 2045 are Quantum Computing, where data processing will be faster, more automatic, and the impact will certainly target people's daily lives, especially in business operations, as well as to business licensing related to the government.
"Indeed, everything is digitalized, especially those who have used advanced technology, the impact is indeed extraordinary in the operations of a company, especially banking," said Budi.
In addition, Budi added that in the future, banks will overall use technology in the form of AI base personal banking, where technology will later be able to detect the needs of each individual.
"This is its evolution that in the past banking in persons came to banks to open accounts now in several countries that have not developed, there are still online banking, several developing countries are already mobile banking, now Indonesia's position is still between social banking and digital banking between the two," he explained.
The financial services industry, which is able to anticipate cyber attacks, should be appreciated for contributing to the national economy. For this reason, The Finance gave awards to 75 financial institutions (financial institutions) with the best performance at the Top 20 Financial Institution Awards 2023.
The financial institutions that received the award consisted of banks, life insurance companies, general insurance companies, reinsurance companies and finance companies. The awards were given based on ratings entitled Top 20 Financial Institutions 2023 conducted by The Finance on financial performance reports of five financial institutions in the last three years, namely from June 2021 to June 2023 (for banks), performance from 2020 to 2022 (for general and life insurance, as well as multifinance).
"This rating measures the performance of each financial institution from five financial institutions (audited) with the raw materials for financial reports in the last three years (period)," said Eko B. Supriyanto, Chairman of The Finance.
The rate of 'Top 20 Financial Institution 2022' uses the growth rate and essential financial ratios in the five institutions. After measuring the growth and essential financial ratios, it is then grouped based on the size of the financial institution. As per the award name, a maximum of only 20 financial institutions are included as winners for each industry.
As a result, there are 75 financial institutions, consisting of 20 banks, 13 life insurance companies, 20 general insurance companies, and 20 multifinance companies, and 2 reinsurance companies that are considered successful to be the best. The 75 companies then received appreciation from The Finance at the 20 Financial Institution Awards 2023.
In addition to 75 financial institutions, The Finance also awarded "The Finance Award 2023" to 94 financial institutions, and special awards to 2 of the most active financial institutions in the development of sharia products and digital innovation. Also, giving appreciation to the 39 best financial directors (chief executive officers/CFO) from four financial institutions.
This award is a form of appreciation from The Finance to institutions and executives from financial institutions with the best performance during three periods of financial reports. They deserve an award, because even though they are under pressure from the Covid-19 Pandemic and the dynamics of the global economy, they are able to show their best performance, "said Eko.