Strengthening Digital Security in the Cloud and AI Era, BDO in Indonesia Emphasizes the Importance of Cyber Resilience

Photo: BDO Indonesia

JAKARTA - The rapid development of cloud computing technology and artificial intelligence (AI) brings great opportunities as well as massive cyber risks for the business world. The case of cyber attacks that harmed the financial sector at the beginning of this year became a loud alarm for the company's executives to maintain brand value and operational stability.

In February 2026, one of the regional banks in Indonesia suffered a major loss due to a mass auto-debit attack by hackers (hackers) who drained Rp. 143 billion from more than 6,000 customer accounts. To mitigate the impact of the damage, the bank was forced to freeze the mobile banking and ATM access of its customers for months.

Responding to this increasingly worrying cyber threat phenomenon, Reza Aminy as Associate Director of IT & Digital BDO in Indonesia expressed his views.

"The investigation shows that the incident could come from several factors, from critical security failures, including IT systems that have not been updated since 2012, weak governance without a 24-hour Security Operation Center (SOC), and poorly managed vendor risks. In the end, the Rp143 billion loss had to be covered using the company's last year's profit, which confirms the bitter reality that the cost of recovery is much greater than the cost of prevention," he said.

Evolving Threat Ecosystems and the AI Challenge

The current cyber threat landscape is shifting very quickly, where the gap between vulnerability disclosure and active mass exploitation has shrunk from weeks to just a few days. In the cloud environment, identity compromise is now the foundation of 83% of major intrusions. Attackers exploit voice-based social engineering (vishing), steal authentication tokens (Auth tokens), and abuse CI/CD pipelines to gain full administrative access in just a few hours. The main target is still high-volume data theft, both by external threat actors and malicious insiders using private cloud storage platforms to exfiltrate data.

"On the other hand, although AI increases productivity, this technology acts like a double-edged sword by introducing complex privacy risks and facilitating cybercriminals," added Reza.

Threat actors are now arming AI to automate malware production, launch highly realistic phishing attacks, and generate deepfakes. The financial losses from these advanced attacks can be very large, such as the case of fraud that uses AI-generated audio and video to impersonate a firm's Chief Financial Officer (CFO) and successfully steal 25 million US dollars.

Building Cyber Resilience: Four Pillars of the Road to the Future

To avoid major losses and adopt new technologies with confidence, organizations must transition from manual defenses to an automated and resilient security posture. Reza Aminy outlines four main pillars that companies must implement:

Apply identity-aware and context-aware controls: Organizations must use phishing-resistant hardware-based multifactor authentication (MFA), as well as context-aware access to ensure only verified users on secure devices can access sensitive data. Automate defense and enforcement of security postures: Security teams must move away from manual patching to automated defense, such as using a Web Application Firewall (WAF) to block threats at the edge before software updates are applied. Modernize incident response: As modern threat actors actively destroy logs and data backups, organizations must implement an automated cloud incident response pipeline. AI-powered analytics integration as well as automated evidence collection can cut threat containment time from days to just minutes. Embed a deep security culture: Cyber risk management must be woven tightly into the company culture, ensuring employees remain the first line of defense against social engineering and AI-based threats.

Seeing the complexity, BDO in Indonesia is committed to being present to accompany organizations in building this essential cyber resilience through the implementation of a formalized cyber risk management framework. By helping to identify critical assets and existing vulnerabilities, BDO Indonesia guides companies in implementing strong security controls to protect all digital infrastructure.

Furthermore, BDO Indonesia's integrated approach not only focuses on technology, but also helps instill a strong security culture through employee training, as well as supporting continuous monitoring, periodic testing, and defense evolution so that companies are ready to face all forms of future cyber threats.