EKONID Insight

Data leak highlights Indonesia’s need for more cyber security

13.09.2021

With over 202 million internet users and over a projected US$44 billion transacted across its whole internet economy by the end of 2020, Indonesia's need for a strong and robust cyber security system it has never been more apparent.

Earlier this month, it was revealed that the personal data of some 1.3 million users of the Indonesian government’s COVID-19 surveillance app E-HAC (Electronic Health Alert Card ) had purportedly leaked. It was unclear as to who was responsible for the leak, but authorities said the personal data that were leaked were that of the old version of the app and that no one was under immediate threat.

As reported by the Indonesian Ministry of Health, the leak was first reported by private cyber security company VPNMentor to Indonesia’s National Cyber and Encryption Agency (Badan Sandi dan Siber Negara or BSSN) and was further received by the Ministry of Health on August 23, 2021. 

The Ministry of Health and BSSN followed up the report and proceeded to take down the E-HAC app. The data, which reportedly include the user’s designated health facility, designated quarantine hotel, and medical history, among others, had since been moved to a more secure data center run by the Ministry of Health to be integrated with another government developed app called PeduliLindungi (Care Protect). The Indonesian government had since mandated the use of PeduliLindungi as its main COVID-19 surveillance app.

The debacle that ensued following the purported leak highlight the country’s need for a robust and secure cyber security system. The barrage of negative news branching from the reveal remains a source of embarrassment for the government, especially after a copy of President Joko Widodo’s vaccine certificate began circulating in social media. Authorities later called the move an elaborate stunt that had nothing to do with the alleged leak, saying that President Widodo’s data, including his citizen identification number, was already available as public domain.

Public fallout from the leak also saw the government spending the last couple of weeks reassuring its citizens that its follow-up COVID-19 monitoring app PeduliLindungi was secure, which further diverts government resources from the more pressing matter of containing the pandemic and reigniting economic activity. 

Secure Digitalization 

It is plain to see that the COVID-19 pandemic has led to a much faster rate of digitalization than expected. And while this has sparked a significant rise in digital literacy, it has also major implications to cybersecurity. In 2020, a staggering 31% of global companies were attacked by cyber criminals at least once per day, according to a report from Acronis, a Swiss-based global technology company. 

A particularly noteworthy shift in cybersecurity threat is the rise in high-profile ransomware attacks. According to cybersecurity firm Barracuda, ransomware attacks grew 64% year-on-year between August 2020 and August 2021. And while the crime itself is nothing new, the trend of targeting more and more high-profile victims and higher demands has increased. In March 2021, Taiwanese computer manufacturer ACER fell victim to the REvil ransomware attack and was demanded US$50 million (over Rp 710 billion) – the largest known ransom to date.

As an up-and-coming emerging economy, Indonesia has expressed clear desire of adapting Industry 4.0 and turning a manufacturing hub. And yet industry 4.0 relies on heavily on the Internet-of-Things and automation, which by nature are prone cybersecurity attacks.

To its credit, the country seems to be shoring up its cyber defenses accordingly. Following the purported leak, the BSSN issued a press release noting the country’s rise in the 2021 Global Cyber Security Index – an annual publication issued by the International Telecommunications Union. Indonesia’s rank went up to 24 out of in 2021 from 41 in 2018. In the Asia Pacific region, Indonesia was ranked 6th. 

With everything being said, cyber security concern should continue to be a relevant issue for Indonesia for the foreseeable future, especially as the end to the COVID-19 pandemic remains out of sight. If Indonesia is to move forward smoothly in implementing the PeduliLindungi app as the national COVID-19 surveillance system, as well as to fulfill its desire to become a manufacturing hub, the country must continue to work and ensure that it continues to bulk up its cyber defence. Anything less, as the drama that ensued with the E-HAC app has shown, will only squander all the work that has been put in place.