Cybersecurity in Indonesia: Protect, Detect & Recover for Cyber Resilience (ft. Dana Indonesia, Jakarta Smart City, West Java Provincial Government and Licel)

Show Notes

Guests:  Mr. Andri Purnomo, VP - IT Security, DANA Indonesia; Mr. Yudhistira Nugraha, Director, Jakarta Smart City; Mr. Agustinus Andriyanto, Associate Informatics Specialist, ICT Department, West Java Provincial Government; and Mr Ivan Kinash, CEO, Co-founder, Licel

In today's episode, we turn our focus to Indonesia. The discussion unfolds against the backdrop of the 43rd ASEAN Innovation Business Platform Indonesia Conference and Exhibition, hosted at the Ritz Carlton Mega Kuningan on the 19th of September.

Indonesia is the world's 4th most populous nation, with more than 204 million internet users, cyber attacks increase as digitalisation in Indonesia accelerates. According to the National Cyber and Encryption Agency, Indonesia experienced 1.3 million ransomware detections in 2021. Malware activities also account for over 53% of all anomalies that the agency monitored between January 2022 - August 2022. In light of the increasing frequency of cyber attacks aimed at businesses, it is crucial to prioritize cybersecurity measures for enterprises. Find out how organizations can safeguard the continuous operation of their business, uphold the confidentiality of customer data, and preserve the confidence and loyalty of stakeholders.

Transcript

YY - AIBP: 0:00

Mr. Yudhistira Nugraha, the director of Jakarta Smart City. Pak Yudhi please. May I also invite Pak Agi Agung Galuh Purwa, the Secretary of the information and communication technology of Java digital service. Sorry, so sorry please. Agustinus Andriyanto, the associate informatics specialist ICT department of West Java provincial government. May I also invite Pak Andri Purnomo , the VP ofIT security of DANA Indonesia, and hosting and moderating today's discussion we have with us,Ivan Kinash, the CEO and co founder of Licel. Okay, time to get your phones out. We're going to do a little poll. We've heard a lot from the previous speakers. Now we want to find out, in your opinion, after hearing all of these stories, right, what percentage of IT spend should be allocated for cyber security. I think Pak Andri will be very interested to see this. More than 20%, or 5 to 9%. That's a either or. So 50% feels that five to 9% 43% 10 to 14% okay, decent numbers. Or it's kind of a trick question. So most of you, I think, over here says more than 20% so I guess the scare stories have an impact. Now people feel like, Oh, more than 50% says that you should allocate more than 20% of IT spending. Now this is the key question. Let's roll out the next question, what percentage of IT spending Are you currently allocating? For cyber security? Real question, not should, but what are you actually allocating for cyber security? I've got to say this is the least gap we've seen so far in all of the countries we've been to. Most people say that, Oh, wow. It has changed quite a bit this is, this is very typical. So in all the countries we've been to, the majority of people feel that more than 20% should be allocated for cyber security spat, but less than 5% is actually being allocated right now for cyber security spend. So that's the challenge that we are facing in the industry, and I'll pass this over to you. Ivan,to keep in mind while we discuss this.

Ivan - Licel: 2:25

Thank you very much. So I guess we will do a bit more deeper introduction of each other. I will pass it to Andri first talk a bit more about yourself.

Andri - Dana: 2:36

Okay, a good afternoon, everyone. My name is Andri. I am from DANA, Indonesia. Currently I'm working with the e-wallet company. So this is quite a new startup in the industry, so we have dealing with some of the security challenges. Probably we can elaborate that in the discussions further.

Ivan - Licel: 3:00

Beautiful. Thank you very much Andri. Agus,

Unknown: 3:04

Good afternoon, everyone. My name is Augustine Andriyanto . I'm from West Java, provincial government , and currently I'm working at the Division of Information Security and Crypto. And now, like, we also have some programs about information security in our organization that maybe I can elaborate later. Thank you.

Ivan - Licel: 3:28

Thank you very much. Yudhi,

Yudhi - Jakarta Smart City: 3:30

Okay, good afternoon. Assalamu'alaikum warahmatullahi wabarakatuh. I'm Yudhistira Nugraha, Director of Jakarta Smart City. Today, I'm happy also to see one of my senior as a civil servant Pak Ardi, long time no see Pak Ardi. So we are working closely on the first stages, building the Cybercity capacity in Indonesia. I think since 10 years ago, I think it's kind of like 10 years ago. I think today's topic is very interesting when dealing with how do we manage the cyber race in digital aids. This is something we can discuss further. Thank you.

Ivan - Licel: 4:15

Thank you, and a little bit more about myself. So my name is Ivan Kinash. I run the company that's called Licel. And we've been fighting abuses of mobile applications for 12 years. And as we all know, the cybersecurity industry is ever changing. So 10 years ago, we had to deal with one set of threats and attack vectors. Right now we're dealing with an absolutely different set of attack vectors. So we will cover a little bit of that, but we will spark the conversation with some examples of recent attacks. So I will pass it to Yudhi. You go first. So what's, what kinds of recent attacks you've encountered? And yeah, what were the mitigations? And if you were able to completely prevent those attacks, that will be also very cool to know.

Yudhi - Jakarta Smart City: 5:08

Okay, thank you for the question. Before I start answering that question, let me give, give some brief understanding about what the topic today is about. You mentioned about the protects the tack, and the cover. This is something, talking about managing risks when we're talking about the protects. So you have to understand about what asset you have. So I think in our context, or other company context, when we're talking about how do we protect our assets. So we talking about infrastructure, we talking about the data, and we talking about the software. And the second thing is about detect when we're talking about detection. So it's kind of like how do we monitor, how do we how do we get alert when something happened? And how do we get stay, stay confirm when when the incident happened in terms of the threat intelligence, and how do we manage, how do we respond when incident happen. It's kind of like incident respond. And the last thing when we talking about the recover, so we talking about the backup and recover. What, how do you call your name?

Ivan - Licel: 6:19

My name?

Yudhi - Jakarta Smart City: 6:20

Yeah,.

Ivan - Licel: 6:20

Ivan.

Yudhi - Jakarta Smart City: 6:21

Ivan, Ivan just asking us to give, to prepare one joke. This one joke of what? What you have to prepare one joke before we go to the stage And I told him that talking about the joke is already jokes. Back to the question when we talk about recover, backup, and storage, back up and disaster recovery. Something that's very interesting when we invest the backup, or you guys is you just you just invest money, you use spend a lot of money to backup these kinds of things. Because we don't know until the breach happened, when the breach happened, oh the backup is very important and we have to invest the backup. You know, this is something that is a joke because like, before the incident happened, backup is useless. Because whatever we do, like, okay, let's start with ransomware, for example. Ransomware Oh, what happened when ransomware happened? Unfortunately, we don't have backup. So we need to invest the backup. But before that, we invest the backup, oh, you spend a lot of money to backup everything. Because there is no incident happened. Just a joke, then this is something about the protect, and also talking about detect and recover. And back to your question, what the biggest cyber attack?

Ivan - Licel: 7:47

Something recent or anything that was like Something recent or anything that was like

Yudhi - Jakarta Smart City: 7:51

Something recent, I'm not talking about something recent. But I'm going to talk about our experience in the last three years. So one of the biggest attack that we have been facing experience is like DDoS, DDoS attack. But you know, like the multiple DDoS. There is two way about political and normally like financial motive. But this is very interesting. The DDoS coming to our system, when our leader talking about something, when the leader is finishing the speech, and the attack coming to our system. So these kinds of things, and one of the biggest attack recently or not recently, actively, it's like for the three years ago, we didn't realize I don't I don't want to make a specific time because it's like, it's very important, like during the three time during, within the three years, three years period, I think one of the biggest attack that has been facing or this has been experienced in our system is a DDoS attack. This is because like we cannot do anything, our service not able to access is not a user citizen not able to access our system. So we have to manage these kinds of things. So immediate alert respond that we have taken is, okay, we make separate configuration to make it the system can be accessed by citizen. But in the future, we have to look after how to build the secure and robust network or robust infrastructure to make sure that the DDoS attack can be mitigated. Well, something like that. Roger that. And finally, some very interesting stuff from the private sector. Andri.

Andri - Dana: 10:46

Okay. Currently, my company is in the financial business. So, we are preaching from customer with the peers from the banking, the other sectors, like the E-commerce and the most interesting that we recently get the attack from the last one year, the first will be the phishing attack. So because people want to tend to get the contact offer from someone else account, and that the simple things is the to do the phishing. So they try to social engineering the people pretending probably like the, the formal stuff from our company. And they're trying to trying to help but but it is not trying to help but they're trying to, to get take over the account and transferring all the money to themselves. And then the second, the things that we are I'm seeing from the last one year is dealing with the bot attack. So the bot attack is the automations majority of the financial sector is trying to avoiding like money laundering, and also the, the gambling. So the things that probably we don't know, either the customer or the customer is part of that. But we see that the tendency, the characteristics of gambling, try to hit thing, so many times in the endpoints, so the API will be the targeted. So if we are insecure that the API, so probably there will be get to be used by other by other people's and that will be is probably similar, because the financial sector getting hits more and more and then getting more impact, they say the we have like pretty significant growth in terms of the customer numbers in time for the last five years of operating. And then they try to get the popularity by hitting like those. So basically, unavailable service will be the one of the also the targeting that we are seeing.

Ivan - Licel: 13:01

Thank you very much. I'll just reinforce the aspects that was connected to phishing. So that's that's a massive problem globally. We hear about that in every single country, and it could be just social engineering. It could be hybrid approach, where there are some vulnerabilities being identified and then bad actors play tricks with victims and try to implement their strategy via lying to them essentially, or, yeah, doing some doing some interesting things, which kind of leads to during the preparation for the panel discussion, we touched the topic of Education and Human resource. So let's, let's talk a little bit about that. And Agus had some points on human resource and just education in general.

Agus - West Java: 13:52

Oh, yeah, thank you. Like in local governments, human resource is a thing, big issue, especially like in local government, that is not focus on merely just IT, because, like in our case in provincial government, we have 47 agencies, and like the IT agencies is only one of them. And like not, not considered as big agencies compared to others. So but like, if anything happens, like a bug in information security incident, then, like the problem is, then it is us that, like us to solve that problem. But now, so here, like, the problem is how like, we can educate or like growing the security awareness to the people that most of them are not in IT related background, that's the problem. And they use system, they use application, but then they are not aware about the security is our problem. So there are several programs in our division, like we have monthly webinar. So we invite some expert that, yeah, talk about the IT security awareness, or related to IT security and then also we have, like, a weekly news. We call it as Monday information, security news, yeah, in the form of flyers. Then we circulate it in WhatsApp group. And then also, because we are provincial government. So also we coordinate with any other local governments in West Java province that is smaller than us. It is like city and latency governments. So like, several times in a year, we like organize some events to like some kind of trainings, and also invite some experts, yes, some are from bases and or any others to like raise their capacity about information security. It's also, then we invite also agencies in our institution, but like, maybe it's not too effective, because what I said that many people that manage IT in many agencies, actually, they are not IT background, yeah, but that's part of some our programs that we regularly have every year.

Ivan - Licel: 16:47

I really liked one of the examples that that you share. So essentially, what the department does sometimes sends fake phishing emails, which is pretty cool. So you will get an email from actually, that's, that's an official email from the government agency. And then, can you, can you tell tell us more about the success of this operation?

Unknown: 17:08

Yeah, once, like, we met an experiment. Like, we have email server and like, yeah, many people, employee of West Java provincial government have email account, then we try to send them a message. Actually, is like a kind of, what is simulation facing simulation. So then many of them then click the link that who that we provide, and then yeah, we just send them message to them, give me certain okay, this thing you should not, like, click that link and like, also, we inform what is characteristic of email that are considered as phishing.

Ivan - Licel: 17:57

That's very cool, and it just organically goes to uud with your with your background in education as well. So can you tell us a bit more about what do you do to enable the younger generation to reinforce the security posture of Indonesia? Yeah,

Yudhi - Jakarta Smart City: 18:17

okay, when you're talking about the education is is not only one entity that look after but also it's kind of like self responsibility, but building the young generation or digital talent in cyber security or digital forensic, or any other things related, other things related is very challenging, because We not only teaching them to understand about the topic, but we, we need to provide them the experience. So therefore, even though, let's say, for example, in the UK, they provide the Center of Excellence, they provide, like some campus, they already provide the the master degree or even the PhD degree in cybersecurity. But I think Indonesia, some university already have some programs education in cyber security in many campus in many university. But the problem is that student need to have some deep dive understanding about the what use cases that need to be solved. Let's say, for example, we one of the university. So because I'm not also teaching what in one campus, we have the caps. Cap means that we give understanding for the student to see the real problem. Let's say, for example, they we work together with one company and the student come together with them. What the biggest risk happen in your company, because some, sometimes company itself, they don't understand about risk register that they have as a priority risk they need to be mitigated. This is important, because, from the cybersecurity perspective, we we not able to put a pro. Be a measure if we don't know the our enemy. So we need to see what the biggest risk that need to be, what the prior priority risk that need to be mitigated. And by doing that, we can put appropriate security control so this part of the education so to see how the young, talented people solve the real problem and so forth through the Capstone or deep dive or any other things. And the second thing, I think, many, many, for many communities, they already have like some like guests at the flag or any other event, like bug bounty program, so this kind of thing like to give the awareness, giving the awareness, not just we provide the seminar, we provide the workshop, but to give the real cases, and also with also talking about the threat model. So this one of the one of the best approach to see how the attacker will will proceed, the pilot. So we have to understand about the thinking of the attacker when they want to proceed the system. Let's say, for example, talking about the ransomware. Many ransomware is happened in many cases. But if you see all the cases of the ransomware, cases start from the people, they get the credential from the people, and after that, they deliver, they deliver package, or they deliver pilot on the system. And then by, by putting the pilot in the system, they start breach, and they start the bridge, and they start, a fact, take the control, because when, when you're looking at the way of attack can be compromised. Start like survey. Survey attacks, they see which vulnerability that can be compromised with, with with hole that can be put in place. And the second one is about how we deliver the the pilot or malware, for example. And after that, how do we bridge? And this the second one, the last one about a fact taking the control. So this is a part of the education, I think, from my perspective, because when talking about cyber security, it's not only for the technical guy, because in some can, in some university in the world, they also looking at cyber security from the broad perspective, from political science or low, low perspective. So even though you're not from the computer science background, you Bible, because, like cybersecurity from my, my perspective, they can be learned. Because in in Indonesia, for example, one one subject about taking a cyber security subject. So the courses, the examination, the exam, we don't have the mid exam, final exam, we don't have at all for the mid so we give them cases. So for the whole year, we give three cases. One case is about, how do you deal with the data breach, and the third case is about, how do you get this digital evidence when something happens. It's about digital forensic. And the third one is the final project is about get the flags, and how do you get deliver attack to the system, this kind of thing. But this is about the process, something like that, exactly,

Ivan - Licel: 23:15

exactly. So essentially, we've just preached two things, campaigns like this, like fake phishing campaigns like these for general audience, serve as the confirmation of the knowledge being consumed, so people become more aware of the risks and Andre you get a hybrid question. So essentially, let's talk a little bit more about human resource and how the shortage of talent in Indonesia affects you, and also, let's kind of slowly transition into Threat Modeling response strategies and touch that

Andri - Dana: 23:49

okay, dealing with people it is probably the most, the most, the most challenging factors talking About the talents, if we probably compare with the research coming from IC square, they told us that for majority of the ASEAN countries, only 30% that can be supplied with the correct talent, with the good experience and practicality In the field. Yeah, this is can be quite contrast when we see between the supply and demand. Because the demand is very high. Every company goes to digital, they need to have the instant resources that can be going to and running with the process while at the supply things. Because this is like, have the very talented people that will be that will be challenging, yeah, if probably we can that insisting story that you this also mentioned about the from the academic institutions. So I see that there is a growing number of the university that now talking about the. Object of the cyber security provision like five years back, it is probably only few of them now getting more popular. But the things that the things that have been seeing, reviewing their their curriculum, is the context of the curriculum goes to the implementation in the the real world, sometimes the curriculum, because the the majority factor of the the education part is about the teachers. So the teachers that probably have a very old approach will be not have the can at this with the student, with the more recent technique and strategy, dealing with the probably the cyber security, and that will be the problem, because in the real company, the resources probably may lack of visions of visibility and dealing with the practicality in the field, the things that probably we need to have the balance between the academic portion, because this will be the good supply from the for the most of the company, and then trying to combine with the How To Get ensure that the resources coming from the Academy being accelerated to have been as very skillful. Yeah, we can probably using that training approach, certification approach, but it is not guaranteed that we have, like a very well people that knowing everything, because this is cybersecurity getting more complex. We dealing with new technology. Probably not all people will easily understand about that, and we need to probably make that into the third factor that as mentioned before, and this is probably the our homework together, just to make sure that, because we are the cyber security professional, we want to to make sure that the business also we can help the business to grow Well, to have also the secure and without being incorporated with one another. So, but basically, this is will be, cannot be as a limited Thank

Ivan - Licel: 27:09

you. So I think it's time for us to dive a little bit into AI and machine learning. So for, probably for years and years and years, we've been relying on machine learning. It's not a new thing. It's been around for quite a while. So machine learning has been used for fraud prevention and fraud scoring for, yeah, lots of different things, essentially, and pattern recognition, just like lots of things. And right now, we get access to technologies like chatgpt and so on and so forth. So let's briefly touch this topic and see how we can not be afraid of the technology not being like, Okay, we don't, we won't. Don't want to see that. Let's stop the progress. Let's, let's hide from it. But how do we lead the way in terms of utilizing AI for reinforcing the security. So Yuji, if you can share your

Yudhi - Jakarta Smart City: 28:05

talking about the AI and machine learning is a one area that is going to be growing interesting in cybersecurity, because looking at the cybersecurity scope. So we're talking about the system. Mostly people talk about the system, and then coming, coming with talking about the people, and now it's talking about the data, because in terms of the scope of the cyber security, from the academic perspective or professional perspective, we look at the three scheme, three area, people, data and system and and now people talking about AI and cyber security, or misleading and cyber script, because very interesting looking at, because talking about AI is nothing without the data, one thing, and in the security, let's say, for example, the authentication. Normally authentication we I think most people here understand about what you have, what you know, what you are, you, what you what you know is what password, password is. Oh, this is not secure. Okay, we edit what you have in a token, multi factor, or any other thing, and what you are your biometrics. But this is something that how to provide the secure authentication, secure identity. But some people always use behavior analytic. So you know about the continuous authentication? What the continuous authentication means? That the continuous authentication is not just one step. So the process always changes time to time. Let's say, for example, I want to access the system using my behavior and after that, because using my behavior, that means that nobody can repeat, nobody can replicate my behavior, right? So this is something how AI can also support the security system. And also this one example, another example is this, you know, like. When you're talking about attacks, attacks are coming from external and also coming from the internal. Talking about the insider threat, insider threat is one of the biggest challenge. How do we deal with the insider threat? So normally, when how do we mitigate insider threat is very challenging, because how we cope with this kind of tag, by using the AI, we can also dealing with kind of things, let's say, for example, behavior of the people, what this guy, or this guy is about like, it's kind of anomaly. Or this guy is kind of like, not identified to the system. Or we can catch the system, and we can also integrate to the the instrument, or any like SOC or something happened in this your network. You need to follow up this kind of thing. But we can use AI machine learning to learn, to learn, be, to learn the behavior of the people working in your system. So this, I mean, AI, also matter in this context. And there is many thing like, let's say, for example, it's about the threat intelligence. You know, like when you're talking about threat intelligence, there is some one about collection. So before the threat intelligence, we have to have this, the objective of what, what the purpose of the threat intelligence? But the process of the threat intelligence consists of several process collection. How do we collect all the data from Oh, we can use any open Austin platform or any other thing to get the data. And after that, how do we process the data? Processing of the data? How do we classify the data? You know, to process the data, we can use the machine learning. We can put label or any other thing. And since we have labeling all the data using the processing system, using AI or machine learning, and how do we analyze the data and the honest data? We can also, like we can also data analytic, from descriptive analytic, diagnostic analytic, preventive, predictive analytic, or even prescriptive analytic to for data analytic, and after that, we can get feedback or disseminate those kind of information to certain stakeholder. That's that's the thing really matters in cyber security, because, like data science also is part of that kind of thing is also privacy, not only about cybersecurity, but also privacy also matter in AI. Because nowadays people talking about the AI ethic in processing personal data,

Ivan - Licel: 32:32

yeah, that's that's a massive pain. We'll find a way to solve it one day. Agus, how do you plan to leverage technologies like large language models, like chats AI, to maybe educate, provide education for wider scope of citizens and things like that. And yeah, just your general thoughts on utilization of AI,

Unknown: 32:56

yeah, maybe for like, government is a new thing. So, like, for detecting a threat or attacks, like, maybe we can still have some devices that use, like behavior analysis. But then for currently in our organization, like, we have an implement AI or machine learning for like, mitigating the attack or prevent the attack. Yeah, we plan it like to use it in near future, because I think it's mandatory for us to use that kind of technologies,

Ivan - Licel: 33:36

beautiful Andre What's your reliance on? Ai, how do you utilize it?

Andri - Dana: 33:42

Okay, in the financial sector, probably we can use AI in many forms. One of the example is through the, probably the like the financial verifications. So let's say that we, we, we registering ourselves, and then through the know your customers, KYC process. And then we can probably combine the the informations from the specific persons, and then through the some of the identity and beyond metrics. From that perspective, we can also AI, we thought the bank data will be not meaningful. So, so we need to have like, big bang of the data and say that like, but you this, tira also mentioned about the behavior pattern, so we can probably making them making a more good experience dealing with the the services. So for instance, that people accessing the services with the full informations which is not fake, and it is probably consistent from time to time with their identity. This might be the person who. The valid person in the guitar, and then probably can reduce the number of verifications, and that will be getting better experience in using the apps, because, yeah, probably we not, probably put so many things as the verification models and the other factors that when we're dealing with the large number data for the detecting the attacks, for instance, like the bot, because the bot sometimes and making the fake informations, so that we need to have that much richer information, Like telemetry. So the telemetry will probably like describing if there is the like mobile apps, so our movement, like fingerprint from one side to other side that will be capturing whether this is probably someone that doing the fraud. Fraud probably like they probably displaying two different screen, the one that probably the bank of the information. Then they're trying to copy paste, and you can see the telemetry that, and then you can probably just enforce this, what will be the right security measurement that can that can protect that? So, yeah, that will be in term of people that are dealing with the security actually, like reading the result of the security report, sometimes just very too technical, and it is very hard to digest the what will be the meaning. So we can use, like the chat GPT, or some, some like a bird, probably, to interpret. What will be the result will be the right actions based on this raw data. Yeah, that will be the some of the practical sample that we are dealing with

Ivan - Licel: 36:50

by chance to work on your large language models, your own, yep, yep. That's, that's very, very cool. Okay, so the next, the next topic for us to touch and Andri, I think we'll begin with you. What's your communication with the government? How central bank regulates the industry, how they make sure that the regulation is not very static and doesn't limit your options, but being dynamic and enabling you to create your own cyber response strategy and cybersecurity strategy in general,

Andri - Dana: 37:23

normally in the regulations from the central bank, it is quite very general when we dealing with what will be the compliance factor that we need to put in the practical mode. So we need someone that can translate that into more practical approach the things that we have done in the payment and financial industry is through the associations we create, like developing together the standard and based on the information with the of Indonesia, and then try to communicate that development result to the bank, whether this is something that acceptable, based on the regulator point of view, and once probably they have agreed. So this is something that practicality, working level instruction that can be set as a guidance, because not all company can understand what would be the right security measure, what would be the right security best practice? Therefore, we need to have, like a sort of practical working guidance to make sure that it is everyone in the same page, and then same measurement and some and the same the evidence that we need to collect for the auditing. Thank you very

Ivan - Licel: 38:38

much. UT, would you like to add anything on regulation and how government helps achieve better security posture?

Yudhi - Jakarta Smart City: 38:48

The most important for us as the electronic service provider, for example, is just to comply with regulation. That's good answer. The second thing is, I think the government need to provide the technical guidance for for the company or for the organization, because not all the company or organization know how to proceed, how to implement it, all the best practices that happen. So I think not only okay, we as as an organization, we have, we are, we're happy to comply with regulation, but from the government, they had need to provide the technical guidance for all the organization, for the company, to comply to the regulation that's it

Ivan - Licel: 39:31

got it? Agus, anything to add on this topic? Yeah,

Unknown: 39:35

about the regulation we have, I can see in national level, it's got national, what is called site, national, cyber and crypto agency. And like this is the role model of us like to implement some it. And then also about regulation, like in government. Sector, because every year we are assessed with some index. It's called like government e government index, and also like we have security information index, so that index are based on the regulation. So why? Like in the government level. Usually they do, like, follow the regulation from the central government, although also like, still, because of the lack of human resources and also budget, many, maybe not, central government, they they have, like, quiet enough, big budget, like some local government remote area, they still, like of many resources, yeah, still, like they're comply for the regulation, maybe not as much as the government In, like, some more developed area like that. Thank you.

Ivan - Licel: 41:03

And finally, I guess we've got just a few minutes left. Let's do, oh, time's up. Oh, my God, all right, we're going to maybe one line on future of cyber security. Yudhi, let's begin with you

Yudhi - Jakarta Smart City: 41:17

the future cyber security at the one liner, the future cyber the future cyber security more focused on data and people. Yeah,

Ivan - Licel: 41:27

that's a good one. Agus, yeah,

Unknown: 41:31

I think about cyber security is more and more important in our deliveries in the future

Ivan - Licel: 41:39

Andre so

Andri - Dana: 41:41

basically it's about how to prevent the people as the weakest link, and just to make sure that everyone will be in the strongly silence. Amen

Ivan - Licel: 41:50

to this. This is where we ended. It's about people. Thank

YY - AIBP: 41:54

you very much. Ivan and our esteemed panelists, thank you very much for sharing insights into real world examples of how enterprises are dealing with the cyber security challenges in Indonesia. Right now, can I invite you to the front for a photo as they go through this happy face motion? I'm also pleased to tell you that happy hour starts, you know, just right outside, we will be doing the lucky draw. So one of you will get even happier with just with not only the happy hour.