Cybersecurity in Indonesia: Protect, Detect & Recover for Cyber Resilience (ft. Dana Indonesia, Jakarta Smart City, West Java Provincial Government and Licel)

Show Notes

Guests:  Mr. Andri Purnomo, VP - IT Security, DANA Indonesia; Mr. Yudhistira Nugraha, Director, Jakarta Smart City; Mr. Agustinus Andriyanto, Associate Informatics Specialist, ICT Department, West Java Provincial Government; and Mr Ivan Kinash, CEO, Co-founder, Licel

In today's episode, we turn our focus to Indonesia. The discussion unfolds against the backdrop of the 43rd ASEAN Innovation Business Platform Indonesia Conference and Exhibition, hosted at the Ritz Carlton Mega Kuningan on the 19th of September.

Indonesia is the world's 4th most populous nation, with more than 204 million internet users, cyber attacks increase as digitalisation in Indonesia accelerates. According to the National Cyber and Encryption Agency, Indonesia experienced 1.3 million ransomware detections in 2021. Malware activities also account for over 53% of all anomalies that the agency monitored between January 2022 - August 2022. In light of the increasing frequency of cyber attacks aimed at businesses, it is crucial to prioritize cybersecurity measures for enterprises. Find out how organizations can safeguard the continuous operation of their business, uphold the confidentiality of customer data, and preserve the confidence and loyalty of stakeholders.

Transcript

Voice Over: 0:02

The AIBP ASEAN b2b growth podcast is a series of fireside chats with business leaders in Southeast Asia focused on growth in the region. Topics discussed include business strategy, sales and marketing, enterprise technology and innovation.

Vanessa Kwan: 0:28

Greetings and welcome to the ASEAN b2b growth podcast. In today's episode, we shine a spotlight on cybersecurity in Indonesia. This conversation took place during the 43rd edition of the ASEAN innovation business platform, Indonesia's Conference and Exhibition held at the Ritz Carlton Jakarta, Mega Kuningan with Mr. Ivan Kinash, CEO and co founder of Licel, hosting the discussion, along with Pak Agustinus Andriyanto, associate informatics specialist, the ICT department of West Java providential government, Pak Andri Purnomo, vice president of IT security at DANA, Indonesia, and Pak Yudhistira Nugraha, Director at Jakarta Smart City on the current state of cybersecurity in Indonesia.

Ivan - Licel: 1:19

Thank you very much. So, I guess we will do a bit more deeper introduction of each other. I will pass it to Andri first to talk a bit more about yourself.

Andri - Dana: 1:30

Okay, good afternoon, everyone. My name is Andri. I am from DANA, Indonesia. Currently, I'm working with the e-wallet company. So, this is quite a new startup in the industry. So, we have dealing with some of the security challenges. Probably, we can elaborate that in the discussions further.

Ivan - Licel: 1:54

Beautiful. Thank you very much. Andri. Agus

Agus - West Java: 1:57

Good afternoon, everyone. My name is Agustinus Andriyanto. I am from west java provincial government and currently I'm working at the Division of Information Security and Crypto. And now, like, we also have some programs about information security in our organization that maybe I can elaborate later. Thank you.

Ivan - Licel: 2:22

Thank you very much. Yudhi

Yudhi - Jakarta Smart City: 2:24

Okay, good afternoon. Assalamu'alaikum warahmatullahi wabarakatuh. I'm Yudhistira Nugraha, Director of Jakarta Smart City. Today, I'm happy also to see one of my senior as a civil servant Pak Ardi, long time no see Pak Ardi. So we are working closely on the first stages, building the Cybercity capacity in Indonesia. I think since 10 years ago, I think it's kind of like 10 years ago. I think today's topic is very interesting when dealing with how do we manage the cyber race in digital aids. This is something we can discuss further. Thank you.

Ivan - Licel: 3:08

Thank you, and a little bit more about myself. So my name is Ivan Kinash. I run the company that's called Licel. And we've been fighting abuses of mobile applications for 12 years. And as we all know, the cybersecurity industry is ever changing. So 10 years ago, we had to deal with one set of threats and attack vectors. Right now we're dealing with an absolutely different set of attack vectors. So we will cover a little bit of that, but we will spark the conversation with some examples of recent attacks. So I will pass it to Yudhi. You go first. So what's, what kinds of recent attacks you've encountered? And yeah, what were the mitigations? And if you were able to completely prevent those attacks, that will be also very cool to know.

Yudhi - Jakarta Smart City: 4:02

Okay, thank you for the question. Before I start answering that question, let me give, give some brief understanding about what the topic today is about. You mentioned about the protects the tack, and the cover. This is something, talking about managing risks when we're talking about the protects. So you have to understand about what asset you have. So I think in our context, or other company context, when we're talking about how do we protect our assets. So we talking about infrastructure, we talking about the data, and we talking about the software. And the second thing is about detect when we're talking about detection. So it's kind of like how do we monitor, how do we how do we get alert when something happened? And how do we get stay, stay confirm when when the incident happened in terms of the threat intelligence, and how do we manage, how do we respond when incident happen. It's kind of like incident respond. And the last thing when we talking about the recover, so we talking about the backup and recover. What, how do you call your name?

Ivan - Licel: 5:13

My name?

Yudhi - Jakarta Smart City: 5:14

Yeah.

Ivan - Licel: 5:14

Ivan

Yudhi - Jakarta Smart City: 5:15

Ivan, Ivan just asking us to give, to prepare one joke. This one joke of what? What you have to prepare one joke before we go to the States? And I told him that talking about the joke is already jokes. Back to the question when we talk about recover, backup, and storage, back up and disaster recovery. Something that's very interesting when we invest the backup, or you guys is you just you just invest money, you use spend a lot of money to backup these kinds of things. Because we don't know until the breach happened, when the breach happened, oh the backup is very important and we have to invest the backup. You know, this is something that is a joke because like, before the incident happened, backup is useless. Because whatever we do, like, okay, let's start with ransomware, for example. Ransomware Oh, what happened when ransomware happened? Unfortunately, we don't have backup. So we need to invest the backup. But before that, we invest the backup, oh, you spend a lot of money to backup everything. Because there is no incident happened. Just a joke, then this is something about the protect, and also talking about detect and recover. And back to your question, what the biggest cyber attack?

Ivan - Licel: 6:41

Something recent or anything that was like

Yudhi - Jakarta Smart City: 6:45

Something recent, I'm not talking about something recent. But I'm going to talk about our experience in the last three years. So one of the biggest attack that we have been facing experience is like DDoS, DDoS attack. But you know, like the multiple DDoS. There is two way about political and normally like financial motive. But this is very interesting. The DDoS coming to our system, when our leader talking about something, when the leader is finishing the speech, and the attack coming to our system. So these kinds of things, and one of the biggest attack recently or not recently, actively, it's like for the three years ago, we didn't realize I don't I don't want to make a specific time because it's like, it's very important, like during the three time during, within the three years, three years period, I think one of the biggest attack that has been facing or this has been experienced in our system is a DDoS attack. This is because like we cannot do anything, our service not able to access is not a user citizen not able to access our system. So we have to manage these kinds of things. So immediate alert respond that we have taken is, okay, we make separate configuration to make it the system can be accessed by citizen. But in the future, we have to look after how to build the secure and robust network or robust infrastructure to make sure that the DDoS attack can be mitigated. Well, something like that.

Ivan - Licel: 8:21

Yeah, it's still a thing. So DDoS is massive. And it's used a lot in political, political games. So yeah, that's totally understood. Ah beautiful, thank you very much. I will pass it to Agus. Any prominent attacks you would like to share with us?

Agus - West Java: 8:37

Yeah, thank you for the question. For government sector. Because like a , maybe like much of government has said they don't like prepare for attack, or, like doing some kinds of security defenses so, easily, like the most attack in website government usually is what defacement and then also in like, in the recent years, it's also about online gambling. So that's like the two must attack the, like, come to our organization. Like we have many agencies in the local government of West Java, province, and there are like about 40 separate agencies and like each of them, like have website and also their application. And mostly, what I see is that two kinds of attacks is the most.

Ivan - Licel: 9:34

Roger that. And finally, some very interesting stuff from the private sector. Andri.

Andri - Dana: 9:40

Okay. Currently, my company is in the financial business. So, we are preaching from customer with the peers from the banking, the other sectors, like the E-commerce and the most interesting that we recently get the attack from the last one year, the first will be the phishing attack. So because people want to tend to get the contact offer from someone else account, and that the simple things is the to do the phishing. So they try to social engineering the people pretending probably like the, the formal stuff from our company. And they're trying to trying to help but but it is not trying to help but they're trying to, to get take over the account and transferring all the money to themselves. And then the second, the things that we are I'm seeing from the last one year is dealing with the bot attack. So the bot attack is the automations majority of the financial sector is trying to avoiding like money laundering, and also the, the gambling. So the things that probably we don't know, either the customer or the customer is part of that. But we see that the tendency, the characteristics of gambling, try to hit thing, so many times in the endpoints, so the API will be the targeted. So if we are insecure that the API, so probably there will be get to be used by other by other people's and that will be is probably similar, because the financial sector getting hits more and more and then getting more impact, they say the we have like pretty significant growth in terms of the customer numbers in time for the last five years of operating. And then they try to get the popularity by hitting like those. So basically, unavailable service will be the one of the also the targeting

Ivan - Licel: 11:54

Thank you very much, I'll just reinforce the that we are seeing. aspects that was connected to phishing. So that's, that's a massive problem globally, we hear about that in every single country. And it could be just social engineering, it could be hybrid approach where there are some vulnerabilities being identified. And then bad actors play tricks with victims and try to implement their strategy via a blind to them essentially, or doing some doing some interesting things, which kind of leads to during the preparation for for the panel discussion, we touched the topic of Education and Human resource. So let's, let's talk a little bit about that. And Agus had some points on human resource and just education in general.

Agus - West Java: 12:47

Thank You, like in local governments human resource is a thing, big issue, especially like in local government, that is not focus on merely just IT, because, like, in our case, in provincial government, we have 47 agencies and like, the IT agencies is only one of them, and like, not, not considered as big agencies compared to others. So, but like, if anything happens, like a bug in information security incident, then like, the problem is, then it is us that like us to solve that problem. But now, so here, like, the problem is how like, we can educate or like growing the security awareness to the people that most of them are not in IT related background, that's the problem and they use system, they use application, but then they are not aware about the security is our problem. So, there are several programs in our division, like we have monthly webinar. So, we invite some experts the above about the idea of IT security awareness or related to IT security, and then also we have like, weekly news, we call it as Monday Information Security news, yeah, in the form of flyer then we circulate it in WhatsApp group, and then also because we are provincial government, so so we coordinate with any other local governments in West Java province, that is smaller than us. It is like city and latency governments. So like, several times in a year we like organize some events to do I like some kind of trainings and also invite some expert. Yes, some are from bases and are in others to, like price, their capacity about information security. It's also, then we in fact also dances in our institution, but like, maybe it's not too effective. Because what I said that many people that manage it in many ages, actually they are not it backgrounds. Yeah, but that's part of some our programs that we regularly have. Every year.

Ivan - Licel: 15:41

I really liked one of the examples that you share. So essentially, what the department does sometimes sends fake phishing emails, which is pretty cool. So you will get an email from actually that's, that's an official email from the government agency. And then can you can you tell tell us more about the the success of this operation?

Agus - West Java: 16:02

Yeah, once like, we met an experiment, like, we have email server and like, yeah, many people, employee of West Java provincial government have email a content, we try to send them a message actually is like a kind of what a simulation phishing simulation. So then, many of them, then click the link that, that they provide, and then we just send them a message to them, give me certain okay, this phishing you should not, like click that link. And, like, also we inform, what is characteristic of email that are considered as phishing.

Ivan - Licel: 16:51

That's very cool. And it just organically goes to Yudhi, with your, your background and education as well. So can you tell us a bit more about what do you do to enable the younger generation to reinforce the security posture of Indonesia?

Yudhi - Jakarta Smart City: 17:09

Yeah. Okay, when you're talking about the education is, is not only one entity that look after, but also it's kind of like self responsibility. But building the young generation or digital talent in cybersecurity or digital forensic, or any other things related other things related is very challenging, because we not only teaching them to understand about the topic, but we, we need to provide them the experience. So therefore, even though let's say for example, in the UK, they provide the Center of Excellence, they provide like some campus they already provide the the master degree or even the PhD degree in cybersecurity, but I think in Indonesia, some university already have some programs, education, in cybersecurity in many campus, in many university. But the problem is, that student need to have some deep dive understanding about the what use cases that need to be solved. Let's say for example, we, one of the university so because I'm also teaching what in one campus we have, the capstan, capstan means that we give understanding for the student to see the real problem, let's say for example, they, we, we work together with one company and the student come together with them what the biggest risks happen in your company, because some, some time the company is they don't understand about risk register that they have as a priority risks that need to be mitigated. This is important because from the cyber security perspective, we, we not able to put appropriate measure if we don't know the our enemy, so we need to see what the biggest ways that need to be what the priority risks that need to be mitigated. And by doing that, we can put appropriate security control. So this part of the education, so to see how the young talented people solve the real problem and so forth. So, through the capstan or deep dive or any other things, and the second thing, I think, many-many for or many communities, they already have like some like guest at the flag or any other event like bug bounty program. So this kind of thing like to give the awareness giving the awards not just we provide the seminar, we provide the workshop, but to give the real cases and also, we're also talking about the threat model. So this is one of the best approach to see how the attacker will procede the pilot. So we have to understand about the thinking of the attacker. When they want to proceed the system, let's say, for example, talking about the ransomware, many ransomware is happened in many cases. But if you see all the cases of the ransomware cases, that from the people, they get the credential from the people. And after that they deliver, they deliver package or they deliver pilot on the system. And that by, by putting the pilot in the system, they start breach, and then they start the breach. And they start effect, take the control. Because when, when you're looking at the way of attack can be compromised, start, like survey, survey attacks, they see which vulnerability that can be compromised with hole that can be put in place. And the second one is about how we deliver the pilot or malware, for example. And after that, how do we breach and there's the second, the last one about effect, taking the control. So this is part of the education, I think, from my perspective, because when talking about cybersecurity, it's not only for the technical guy, because in some, in some university in the world, they also looking at cybersecurity from the broad perspective, from political science or law perspective. So even though you're not from the computer science background, I believe, because like cybersecurity, from my perspective, that can be learned. Because in, in Indonesia, for example, one, one subject or taking a cybersecurity subject. So the courses, the examination, the exam, we don't have the main exam, final exam, we don't have at all for the minute. So we give them cases. So for the whole year, we give three cases. One case is about how do you deal with the data breach. And the third case is about how do you get this digital evident and when something happened is about digital forensic. And the third one is the final project is about cap the flags, and how do you get, deliver attack to the system, this kind of thing, but this is about the process, something like that.

Ivan - Licel: 22:09

Exactly. So essentially, we've just breached two things. Campaigns like this, like fake phishing campaigns like these for general audience serve as the confirmation of the knowledge being consumed. So people become more aware of the risks and Andri, you get a hybrid question. So essentially, let's talk a little bit more about human resource and how the shortage of talent in Indonesia affects you. And also, let's kind of slowly transition into Threat Modeling response strategies and touched up

Andri - Dana: 22:43

Okay, dealing with people it is probably the most, the most, the most challenging factors talking about the balance, if we probably compare with the research coming from ISC2, they told us that, for majority of the ASEAN countries only 30% that can be supply with the correct talent with good experience and practicality in the field. Yeah, this is can be quite contrast, when we see between the supply and demand because the demand is very high, every company goes to digital, they need to have the instant resources that can be going to and running with the process while at the supply things because this is like half the very talented people that will be that will be challenging. Yeah, if probably we can that interesting story that Pak Yudhis also mentioned about the from the academic institutions. So, I see that there is a growing number of the university that now talking about the subject of the cybersecurity profession like five years back, it is probably on the view of them now getting more popular, but the things that, the things that have been seeing, reviewing their curriculum is the context of the curriculum goes to the implementation in the, the real world, sometimes the curriculum because the majority factor of the education part is about the teachers. So, the teachers that probably have a very old approach will be not have the can updates with the student with the more recent technique and strategy dealing with the probably the cybersecurity and that will be the problem because in the real company that is also probably may lack of visions of visibility and dealing with the practicality in the field. The things that probably we need to have the balance between the academic person because this will be the good supply from the for the most of the company and then trying to combine with the how to get ensure that the resources coming from the Academy being accelerated to have been as very skillful. Yeah, we can probably using that training approach certification approach, but it is not guaranteed that we have like a very well, people that knowing everything, because this is cybersecurity getting more complex, we dealing with new technology, probably not all people will under easily understand about that. And we need to probably make that into the third factor that as mentioned before, and this is probably the our homework together just to make sure that because we are the cybersecurity professional, we want to make sure that the business also we can help the business to grow while to have also the secure and without being a cooperated with one another. So, but basically, this is will be cannot be accelerated.

Ivan - Licel: 26:03

Thank you. So, I think it's time for us to dive a little bit into AI and machine learning. So, for probably for years and years and years, we've been relying on machine learning, it's not a new thing. It's been around for quite a while. So, machine learning has been used for fraud prevention and fraud scoring for Yeah, loads of different things, essentially. And pattern recognition, just like lots of things. And right now we get access to technologies like Chat GPT, and so on and so forth. So, let's briefly touch this topic and see how we can not be afraid of the technology not being like okay, we don't, we won't don't want to see that let's stop the progress. Let's, let's hide from it. But how do we lead the way in terms of utilizing AI for reinforcing the security. So Yudhi, if you can share you're

Yudhi - Jakarta Smart City: 26:59

Talking about the AI and machine learning is a one area that is going to be growing interesting in cybersecurity, because looking at the cybersecurity scope, so we talking about the system, mostly people talking about the system, and then coming coming with talking about the people. And now it's talking about the data because in terms of the scope of the cybersecurity from the academic perspective, or professional perspective, we look at at the three scheme, three area, people data and system. And, and now people talk about AI and cybersecurity or machine learning and cybersecurity. Because very interesting looking at because talking about AI is nothing without the data one thing and in the security, let's say for example, the authentication, normally authentication we, I think most people here understand about what you have, what you know, what you are, you what you what you know, is what password is password is oh, this is not secure. Okay, we edit what you have a token multifactor or any other thing and what you are your biometrics. But this is something that how to provide a secure authentication, secure identity. But some people always use behavior analytic. So you know about the continuous authentication and what the continuous authentication means that the continuous authentication is not just one step. So the process is always changing time to time. Let's say for example, I want to access the system using my behavior. And after that, because using my behavior, that means that nobody can repeat nobody, nobody can replicate my behavior, right? So this is something how AI can also support the security system. And also this one example. Another example, is this. You know, like, when you're talking about attacks, attacks, coming from external and also coming from the internal, talking about the insider threat. Insider threat is one of the biggest challenges. How do we deal with insider threat? So normally, when how do we mitigate insider threat is very challenging, because how do we cope with this kind of attack? By using AI we can also dealing with kind of things, let's say for example, behavior of the people where this guy or this guy is about like this kind of anomaly, or this guy is kind of like not identified to the system or we can catch the system. And we can also integrate to the, the instrument or any like SOC, oh, something happened in this your network, you need to follow up this kind of thing. But we can use AI, machine learning to learn to learn B to learn the behavior of the people working in your system. So this, I mean, AI also matter in this context. And there's many things like let's say for example, it's about the threat intelligence. You know like when you're talking about threat intelligence, there is someone about the collection. So before the threat intelligence, we have to have this the objective of what, what the purpose of the threat intelligence, but the process of the threat intelligence consists of several process collection? How do we collect all the data from oh we can use any open or sim platform or any other thing to get the data? And after that, how do we process the data processing of the data? How do we classify the data, you don't have to process the data, we can use the machine learning we can put label or any other things. And since we have labeling all the data using the processing system using AI or machine learning, and how do we analyze the data and the honest data, we can also like, we can also data analytic from descriptive analytic, diagnostic analytic, presentive predictive analytic, or even prescriptive analytic tools for data analytic. And after that we can get it back or disseminate those kinds of information to certain stakeholder. That's, that's the thing that really matters in cybersecurity, because like, data science also is part of the kind of thing is also privacy, not only about cybersecurity, but also privacy also matter. AI, because nowadays, people talking about the AI ethics in processing personal data.

Ivan - Licel: 31:26

Yeah, that's, that's a massive pain. We'll find a way to solve it one day, Agus, how do you plan to leverage technologists like large language models like chats AI, to maybe educate, provide education for wider scope of citizens and things like that? And yeah, just your general thoughts on utilization of AI?

Agus - West Java: 31:49

Yeah, maybe for like a government is a new thing. So like, for detecting a threat or attacks, like maybe we can still have some devices that use like behavior analysis, but then for currently, in our organization, like, we haven't implement AI or machine learning for, like, mitigating the attack or prevent the attack? Yeah, we plan it like to use it in the near future, because I think it's mandatory for us to use that kind of technologies.

Ivan - Licel: 32:30

Beautiful. Andri, what's your reliance on AI? How do you utilize it,

Andri - Dana: 32:36

Okay, in the financial sector, probably, we can use AI in many forms. One of the example is through the probably the like the financial verifications. So, let's say that we, we, we registering ourself and then through the know your customers KYC process, and then we can probably come combine the, the informations from the specific persons, and then through the sum of the identity and biometrics from that perspective, we can also, AI without the bank data will be not meaningful. So, so we need to have like, big bank of the data and say that like, Pak Yudhistira also mentioned about the behavior pattern, so we can probably making them, making a more good experience dealing with the, the services. So for instance, that people accessing the outer services with the full informations, which is not fake, and it is probably consistent from time to time with their identity, this might be the person with the valid person in digital and then probably can reduce the number of verifications. And that will be getting better experience in using the apps because yeah probably will not probably put so many things as the verification models. And the other factors that when we're dealing with the last number data for the detecting the attack, for instance, like the bot because the bot sometimes and making the fake informations so that we need to have that much richer information like telemetry. So the telemetry will probably like describing if there is the like mobile apps, so our movement like fingerprint from one side to the other side. That will be capturing weather this is probably someone that doing the fraud, fraud probably like they're probably displaying two different screen, though the one that probably the bank of the information, then they're trying to copy paste, and you can see the telemetry there and then you can probably just enforce this what will be the right security measurement that can, that can protect that. So, yeah, that will be in terms of people that are dealing with the security, actually like reading result of the security report, sometimes just very too technical. And it is very hard to digest the what will be the meaning. So we can use like the ChatGPT or some some like a, BARD probably, to interpret what will be the result, what will be the right actions based on this raw data. Yeah, that will be the some of the practical sample that we are dealing with.

Ivan - Licel: 35:44

By a chance do you work on your large language models. Your Own. Yep. That's, that's very, very cool. Okay, so

Andri - Dana: 35:48

Yep. the next, the next topic for us to touch. And, Andri, I think we'll begin with you. What's your communication with the government, how central bank regulates the industry, how they make sure that the regulation is not very static and doesn't limit your options, but being dynamic and enabling you to create your own cyber response strategy and cybersecurity strategy in general. Normally, in the regulations from the central Thank you very much. Yudhi would you like to add anything on bank, it is quite very general, when we dealing with what will be the compliance factor that we need to put in the practical mode. So we need someone that can translate that into more practical approach, the things that we have done in the payment and financial industry is to the associations, we create like developing together the standard and based on the person with the the peraturan Bank of Indonesia, and then try to communicate that development result to the bank whether this is something that acceptable based on the regulator point of view, and once probably they have agreed, so this is something that practicality working level instruction that can be as a set as a guidance, because not all company can understand what will be the right security measure what will be the right security best practice, therefore, we need to have like a sort of practical working guidance to make sure that it is everyone in the same page, and then same measurement and some and the same, the evidence that we need to collect for the auditing. regulation and how government helps achieve better security posture?

Yudhi - Jakarta Smart City: 37:42

The most important for us as the electronic service provider, for example, is just to comply with regulation.

Ivan - Licel: 37:51

That's good.

Yudhi - Jakarta Smart City: 37:52

The second thing is I think the government need to provide the technical guidance for for the company or for the organization, because not all the company or organization, know how to proceed how to implement it all the best practices that happen. So I think not only, okay, we as an organization we have, we are happy to comply with regulation, but from the government, they need to provide the technical guidance for all the organization for the company to, to comply to the regulation. That's it.

Ivan - Licel: 38:25

Got it. Agus, anything to add on this topic?

Agus - West Java: 38:28

Yeah, about the regulation we have, I can see in national level, it's got national what it is called, national cyber and crypto agency. And like, this is the role model of us like to implement some idea. And then also about regulation, like in government sector, because every year we are assessed with some index, it's called like, government E-Government index and also like, we have security information index. So, that index are based on the regulation. So why like in the government level, usually they do like, follow the regulation from the central government, although also like, still because of the lack of human resources and also budget. Many, maybe not central government, they, they have, like quite enough big budget, like some local government remote area. They still lack of many resources. Yeah, still, like their comply for the regulation. Maybe not as much as the government in like some more developed area like that.

Ivan - Licel: 39:56

Thank You. And finally, I guess we've got just a few minutes left. Let's do, Oh, time's up. Oh my god. All right, we're going to maybe one line on future of cybersecurity. Yudhi, let's begin with you.

Yudhi - Jakarta Smart City: 40:11

The future cyber security at the

Ivan - Licel: 40:13

one liner

Yudhi - Jakarta Smart City: 40:17

The future cyber security more focused on data and people.

Ivan - Licel: 40:20

Yeah, that's a good one, Agus.

Agus - West Java: 40:23

Yeah, I think about cybersecurity is more and more important in our daily lives in the future.

Ivan - Licel: 40:33

Andri

Andri - Dana: 40:35

Cybersecurity is about how to prevent the people as the weakest link and just to make sure that everyone will be in the strongly silence.

Ivan - Licel: 40:43

Amen to this. This is where we ended. It's about people.

Vanessa Kwan: 40:48

Stay tuned for more insights on the current state of cybersecurity across the ASEAN region in the coming episodes.

Voice Over: 41:02

We hope you've enjoyed the episode. For more information about business growth in the ASEAN region, please visit our website www dot IoT business hyphen platform.com.