As per BlackBerry’s latest Quarterly Global Threat Intelligence Report, there has been a 40 percent increase in cyberattacks targeting government agencies and the public services sector. With attacks becoming more frequent and complex, companies need to fortify their cyber resilience like never before.
We spoke to Edmund Situmorang, the Group Chief Technology Officer of PT. Asian Bulk Logistics and Head of AI at Sinarmas Mining to understand the dominant cybersecurity trends in Indonesia and how AI will change cybersecurity.
Here are the excerpts.
What are some of the dominant cybersecurity trends in Indonesia this year?
A lot of it has to do with artificial intelligence, which I’m grateful for because I’m also head of AI for the Sinarmas Mining group. We saw a lot of activity in the AI space where a lot of companies are doing a lot of automation. And since COVID, optimisation has been the key. So nothing, nothing short of AI could solve these kinds of problems.
Secondly, with many recent cyber attacks in Indonesia, for the government and the private sector, cybersecurity has become a number two focus. Especially with the PDPA law taking effect, people are given time till next year to deal with their data protection. So, a lot of cybersecurity and AI companies are expanding in Indonesia. And this is good as they see Indonesia as a growing country especially when it comes to the tech sector, wherein hundreds of startups have been recognised and are on the way to becoming big companies that encompass several countries in Asia.
By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors, according to Gartner, Inc. What are some of the ways in which organisations can address this impending talent churn?
The simple answer is collaboration- this is where we need to put our heads together and strategise as a nation; and not only as a nation but worldwide, because this problem of cybersecurity is not just about one company or one nation. This is a problem that everybody has.
And especially, when governments get hacked, the whole nation suffers and the economy goes kaput. And this is something that we don’t want to see happen. We have seen the impact on the Indonesian economy of frequent cyberattacks. Companies now are having problems because they have to pay ransom; they are constantly being attacked. So if we don’t deal with this as a global community, we will have bigger problems going forward. This whole thing about ethics needs to be cleared up. Just like piracy. We spend money on removing piracy; similarly cybersecurity is a world problem. It’s not just about keeping your company secure alone.
When it comes to cybersecurity, lack of requisite talent is a big factor staring in the face of cybersecurity leaders. What can be done to bridge this gap?
I am also a managing director for Tech Connect Academy. This is an Innovation Centre under Sinarmas Mining. One effort we are doing as a group of companies (300 companies within the group) is spearheading development of talents. So the Innovation Centre is just a way for us to showcase that we can do innovation and we are inviting people to come and train with us for free. We spend quite a handsome amount of money in training about 30-40 people in every batch. And every year, there’s about four or five batches.
So this is an effort in a direction to create capable talents. And I think if every company is willing to spend a small amount of money to help in this journey of creating the right talents in Indonesia or elsewhere in the world, then this problem with unethical hackers will be diminished. People will start realising that they could work as cybersecurity professionals. So we just need our leaders to be out there and help engage people and companies to hire or recruit somebody to be trained and build a continuum, a sustainability in cybersecurity talent going forward.
Especially in today’s world, where AI is dominating every aspect. The world is changing; the landscape of jobs has changed. WEF in 2021 stated that 94 million of jobs are going to be lost and those are jobs involving administrative work. But then 98 million jobs will be coming in-data scientists, analysts, AI developers and the like. So understanding this shift is important.
How do you see the role of AI increasing in cybersecurity? What are some of the pitfalls to avoid here?
People think of AI as the future but our attackers are already employing AI. About five years ago, I developed an AI to detect people’s behaviour. We started off with natural language processing in Indonesian language. And it’s pretty complex as there’s a lot of slang that’s used. And from that NLP, we created a social credit scoring, a way how we determine people’s behaviour from their activities on social media.
Similarly, even cyber attackers are using AI; they’re looking at behaviours, and looking at the weak links in the company to exploit. So deep fakes, replicating retina scans is becoming common. Hence we have to fight AI with AI as these attackers will continue to exploit vulnerabilities in the system using AI.
Your one piece of advice to CISOs for this year when it comes to building a cyber resilience strategy?
The first thing would be to collaborate. I always say this-we don’t know what we don’t know. So it’s important to reach out and becoming a part of a community of people who are strong, is important today.
And secondly, leverage your connections, friends to bolster your cyber strategy. No matter how smart you are, there’s always somebody smarter out there. So having a network of friends, colleagues where we can discuss our problems or our strategies together enhances our cybersecurity strategies. So reach out as there’s no one person in the world that is capable of protecting himself from all the diverse threats that are out there. Reach out to the right community.