Paradigm Shift Needed in Indonesia's Cyber Security
    Category: Column By : Charles Lim Read : 1495 Date : Monday, December 07, 2015 - 06:58:43

    Standard and Poor’s recently said it may downgrade any banks that fail to sufficiently protect themselves against cyber attacks, or sustain itself during a major data breach. Cyber security is now a major business subject and follows a simple theory: If you do not have cyber security, it will impact your business. Many firms have been hit with data breaches, such as Target, Home Depot, JP Morgan, Sony and the latest (and notorious) Ashley Madison. These episodes have helped to create awareness of the potential damage of these cyber attacks.

    Cyber attacks today inflict maximum damage, be it damages that companies have to pay, to the loss of reputation and distrust in the corporate brand. For organizations that have not invested in cyber security, it is often too late when a breach is discovered. Even S&P admitted that no cyber defense is foolproof.

    However, leaders must know about their true weakness from cyber threats. In recent research we interviewed key professionals in cyber security, it was clear that heavily regulated industries such as financial services will focus more on compliance standards, and thereby establishing better defenses. Other sectors were left to their own devices; take for example critical infrastructures such as energy and water and more has to be done to educate them the importance of cyber security.

    In recent research on Anti-DDoSƒ (Distributed Denial of Service) solutions, we found that Indonesia enterprises are still in early in adoption of advanced security solutions, and most  are adopting traditional perimeter defenses. The total Anti-DDoS market last year in Indonesia was $2.4 million, a small fraction of Asia Pacific’s total size of $168 million. In ASEAN developing countries, Indonesia lagged Philippines with $5.6 million and Thailand at about $4.2 million. The Indonesia cyber security landscape for networking and services has a total revenue of $76 million, and expected to grow to $294 million at a 31% CAGR of from 2015 to 2020.

    Indonesia firms should prepare for a cyber attack, from: “I have some defenses and am unlikely to be attacked” to: “I will be attacked, do I have the right defenses?” One recent study advocates the need of a holistic approach for enterprise security, using the concept of Threat Response Adaptive Core Ecosystem (TRACE), with the paradigm of “Prevent, Detect and Remediate.” 

    Indonesia’s IT professionals can interact with various security communities, understand best practices, and seek impartial advice with proper vulnerability assessment, before deciding the vendors to evaluate in their security improvement programs. Another area is to consider how to communicate risk to the board. For example, Threat intelligence is of high interest for executives, especially in the banking sector and are used to evaluate their risk posture against the type of attacks against their organization. Next, Indonesia firms should share threat intelligence, even among competitors. This community can work with international organizations to defeat cyber criminals outside Indonesia and discourage future cyber criminal activities in Indonesia.


    For more information about TRACE, please visit this link: