We are creating some awesome events for you. Kindly bear with us.

Indonesia’s Government leaders must think critically about their Security Infrastructure in a world of increasing threats

Indonesia's Government leaders must think critically about their Security Infrastructure in a world of increasing threats

On the morning of November 4th, OpenGov Asia and its partner Raytheon|Websense held an informative breakfast dialogue in Jakarta. The topic discussed was the growing threat landscape in Indonesia and what agencies are doing to actively combat these threats. More than forty-one delegates from twenty-three Indonesian public sector agencies were represented in this dialogue. Each delegate shared insights from their own experiences with cyber security and how they are forming their own security strategies. The speakers included: Mr. Mohit Sagar, Managing Director and Editor in Chief of OpenGov Asia; Mr. Anurag Madan, Head of IT Digital Services at Ministry of Social Development, New Zealand; Mr. Setiaji, Head of Technical Implementation Unit for Jakarta Smart City; Mr. Mohd Zabri Adil, Senior Specialist / Head of Digital Forensics Department of CyberSecurity Malaysia; and Mr. David Barton, Chief Information Officer for Raytheon|Websense.

The breakfast dialogue began with Mr. Mohit Sagar, Managing Director and Editor in Chief of OpenGov Asia. He opened up the discussion saying, “We are talking about cyber security. With this, we need to look at 10 security challenges which encompass internal and external threats to your organisation.” Mr. David Barton, Chief Information Officer for Raytheon|Websense, spoke on how security solutions can help combat these attacks. He felt that the security community must continue to innovate due to the ever changing cyber threat landscape. This is so they can give organisations the proper tools to defend their network and defeat attackers.

Mr. Setiaji, Head of Technical Implementation Unit for Jakarta Smart City, took the floor to discuss the government’s constant battle with cyber threats and how it is affecting Jakarta’s Smart City vision.Mr. Setiaji highlighted to the delegates, the very magnitude of attacks targeted at government, “Government websites are suffering from many targeted attacks. About 8,800 attacks on government websites occurred in 2014. This accounted for 73% of the total attacks in Indonesia.” Network security, Internal Application Security, IoT security, and False Reports are the minimum requirements to secure these networks. “As we launch Smart City initiatives, we will be using a lot of the devices from the Internet of Things. 70% of the data from these connected devices is hackable,” Mr. Setiaji told the room. The power of IoT is essential to Smart City systems. Devices and applications which operate through IoT need to be secured in order to develop Jakarta as a Smart City.

smrt city stats

Mr. Mohd Zabri Adil, Senior Specialist / Head of Digital Forensics Department of Cyber Security Malaysia, talked about the Malaysian experience and how his agency is governing cyber security management. “As a country, Malaysia is number 3 on the Global Cybersecurity Index and Cyber Wellness Profile Report. This is based on cyber security management,” says Mr. Zabri. Cyber Security Malaysia is very sure in their threat protection and they invest 20% of their IT budget towards security. This heavy investment represents their great dedication towards protecting their networks. With these investments, Cybersecurity Malaysia has run various initiatives promoting their mission.  Since 2011, Cybersecurity Malaysia customized their Information Security Management System (ISMS) to fit the needs of the National Cybersecurity policy. In 2013, a National Cyber Crisis Exercise was held to simulate the typical threats that would be used by attackers. However, Mr. Zabri worries that is not enough.

zabri

Mr. Anurag Madan, Head of IT Digital Services at Ministry of Social Development, New Zealand, discussed the concept of business resilience and initial security integration, as these topics relate to what is happening in Indonesia. Mr. Madan finds that using a business resilience strategy helps agencies deal with data risks in a more holistic manner. This helps organisations respond better and look strong to the public. Mr. Madan considers security as an integral part to ICT infrastructure. “One thing I emphasise in my department, is keeping security in the center of IT design and implementation,” Mr. Madan told the room.

After the speakers finished, OpenGov turned the conversation back out to the audience. It is recognised that each organisation has different security threats they worry most about. OpenGov probed the delegates to find their pain points.When the delegates were asked: “What security threats worries you most?” 36% of delegates responded with Data and Identity Thefts, 22% responded with Advanced and Targeted Cyber Attacks, and 22% responded with Employee Negligence.These responses are more distributed compared to Singapore. When the same question was asked to our Singapore audience, 50% of delegates responded with Advanced and Targeted Cyber Attacks and 28% responded with Data and Identify Thefts.

These numbers show that Singaporean agencies are worried more about Advanced and Targeted Cyber Attacks, than their Indonesian counterparts. This can be due to many of the Indonesian delegates (61%) feeling that their greatest threats originate from within their organisations. This is shocking. Data travels a lot within a network and it can be very easy for a skilled attacker to gain access. This is why organisations must have the proper mechanisms in place to ensure their network is protected, even from internal threats and accidents. To calm these fears, each organisation must put certain standards in place and keep people educated about threats.

Knowing how your security architecture behaves and reacts to threats is crucial.  When delegates were asked: “What do you think is the biggest challenge in your security architecture?” 71% of delegates responded with Lack of Data awareness and Visibility and 22% responded with Lack of Collaboration between various Security Products.It is clear that some of the delegates do not have the personal data investment for security. They are also still dealing with how to manage the data and how it behaves.

4nov websense setiaji

One delegate exclaimed, “We have around 1 to 2% of our IT budget allocated to security and this will never be sufficient to effectively protect our system.” Another delegate told us that their department has less than 0.2% allocated to security. With respect to his projects, Mr. Setiaji said, “Our concern is that we have all of the data integrated into Jakarta Smart City and it must be protected.”

Lack of data awareness and visibility is a concern, globally. As for Lack of Collaboration between various Security Products, there are key if components are not interacting with each other, it affects the whole system.  Mrs. Sri Hartati, Head of Central Financial (Information System & Technology), Ministry of Finance stated, “I never think about the budget because there is no common practice for how much to spend on security. In our office, we have specific targets to meet when it comes to security. We put it in our key performance indicators set for the year to measure our success.” To that, Mr. Zabri suggested to her, “Now, the next stage is to do testing, making these statistics measurable. So then, management can see your performance based on KPIs and invest more in security.”  This emphasises the need for organisations to start with strategising from assessing business priorities. This will help them better realise where to invest their IT security budget in.

If sensitive or classified information were to leak out due to internal or external attacks, it could devastate the organisation. Data Loss Prevention is a great asset to organisations as they often hold highly sensitive information.  This is why it is all the more important to have strong security measures in place. The poll results show that when delegates were asked: “Which of the following security measures do you think is most important to you?” 59% of delegates responded with Data Protection and Data Loss Prevention (DLP) and 29% responded with Insight and Real-Time Protection against Security Threats.

When the same question was asked to our Singapore audience, 38% of delegates responded with Data Protection and Data Loss Prevention and 44% responded with Insight and Real Time Protection against Security Threats. These numbers show that the delegates of Indonesia are more concerned with Data Protection and Data Loss Prevention than the Singapore audience. From this, we can see that DLP is an area of higher value to the Indonesian audience.

To this, Mr. Sagar asked the delegates, “How do we go about changing the mindset in people who do not realise the risk of not having these security measures in place?”Mr. Iwan Djuniardi, Director Transformation Technology, Communication and Information, Directorate of General Tax / Ministry of Finance responded, “We must justify where we spend on solutions and how we advocate security. This will help us change this mindset.” Mrs. Sri Hartatisaid, “For this, we have a Ministry of Finance Security mandate for security and we have an inspector general in our ministry to make sure that employees comply with our security policies. Our policies span across the whole employee chain. There are also formal communications held on these topics.” Internally, organisations should have strict rules on how to secure the data in their network. This is to help to protect their reputation. This is why DLP security should be of utmost importance to these organisations.

4nov websense

When asked to rate their own protection abilities, delegates were very responsive. To this, a question was raised, “How do you rate your ability to protect IT infrastructure against security threats?” to this, 47% of delegates answered ‘Needs Improvement’, 25% answered ‘Average’, 22% answered ‘Good’, and 6% answered ‘Do Not Know’. The delegates had various reasons to explain how they ensure security to their IT infrastructure. Mr. Bisyron Wahyudi, Vice Chairman for Data Center, Application & Database Department, Indonesia Security Incident Response Team on Internet Infrastructure (Id-SIRTII) said that in his organisation, “We do an evaluation of our security to assess our greater needs. This is a full assessment which includes integration testing.” Mr. Raditio Ghifiardi, Assistant Vice President of IT Infrastructure Group, PT Bank Mandiri (Persero) TBK, said,“[My organisation] does continuous improvement. Yet, we still worry as our customers may not understand security. For this, we improve our policy and spreading of awareness.”

Cyber terrorists are always watching targets and waiting for vulnerabilities. This idea can be frightening. “Today, I could be sitting in my house or on a boat and breaking into your biggest asset. If this attack is not protected, you would be considered the criminal for not taking on DLP measures. If you are not protecting your data, you are not protecting your employees and users,” Mr. Sagar exclaimed.

Cyber-attacks are not going away anytime soon, or any day for that matter. Public Sector agencies must invest in the best solutions to protect their networks from the attacks stemming from the growing threat landscape.  Also, security has to integrate within the ICT infrastructure design because it helps organisations readily embrace protection. It all starts with what has been implemented in the beginning of the process. A robust framework must be in place to initiate strong and stable security measures throughout an organisation.  

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend