Cyber-attacks: Challenge and Opportunity

Oliver Valentino, Head of Cyber Security, PT Bank Amar Indonesia Tbk

Oliver Valentino, Head of Cyber Security, PT Bank Amar Indonesia Tbk

As a Head of Cyber Security, Oliver Valentino has to ensure overall operation and planning. He also carries out all processes such as security requirement design, security assessment, and review related to information and cyber security at Amar Bank to keep cyber security involved in product development, he needs to keep track of product development and monitor new regulations and threats so they can swiftly make necessary adjustments in their security control. Continuously monitor and protect Amar Bank’s platform and assets to make sure the team will respond as fast as possible when an incident or attack occurs. Oliver also assesses internal security posture and makes improvement plans to achieve targeted results.

Following is the conversation that we had with Oliver.

In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked countries in Asia. Your views on this.

We can see this as proof that business is thriving in this region, but it also shows that cyber criminals think that cyber security practice is not as developed and matured as in the other region. This is a wake-up call for all businesses that cyber attacks are happening and become one of the most crucial things to invest in. As we all know, the cost of a breach is becoming costly over the years. For cyber security professionals, this is also becoming a challenge and opportunity, because more companies will need more cyber security experts, but in the meantime, it is also a challenge for us to keep improving our skills and knowledge to keep up with the cyber attack landscape.

Why should organizations recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success?

The rationale is because more aspects of our lives are moving to digital space, including the banking industry. For example, in the early years, we need to do everything physically, such as going to the bank itself to do the transaction (the conventional way). But currently, most of our transactions are happening online. More companies will need to move their business to digital space, and most of them also will become technology companies but with different services to sell. With the high adoption of technology and digitalization of their services to gain an advantage in business, we will need an expert that can help us navigate this digital space safely. This is where our investment in cybersecurity will be highly needed. By adopting cyber security early on, the company already has a secure digital culture. This will help us reduce the risk of security breaches as early as possible. By having a good team, tools, and process, the speed of development will not be hindered by the presence of cyber security control. That is also what we’re doing in Amar Bank, we have built a cyber security team to assess the risk of the changes, and prepare for the digital initiative that is going to be implemented by another team. By being prepared and aware of this risk, we can also defend ourselves.

By Adopting Cyber Security Early on, the Company Already has a Secure Digital Culture

What would be your piece of advice for your fellow peers and leaders?

Let’s acknowledge that cybersecurity is growing and the landscape is also changing. The essence is still the same, but the technology, technical, process, and expertise needed is shifting. We are no longer protecting the perimeter, but protecting the data instead. Boundaries become blurred, and we cannot easily draw the line between trusted and untrusted. A lot of resources and services like cloud and SaaS platforms are now shared and the asset is no longer owned by the company. By acknowledging these changes, we can make the necessary adjustments so we can keep up with the changes in the technology landscape. Do we need a firewall or do we need monitored and managed network access? Do we need IDS/IPS or do we need visibility in our network? Do we need SIEM or do we need a monitoring and alerting system? Do we need a pen test and Vulnerability Assessment or do we need visibility into our security posture and relevant threat? We have to assess and separate the objective, and how to achieve it. Yes, those tools help us to achieve the objectives, but having those tools is not the objective. Not every solution is fit for every organization, so you have to do the research to get the right objective and solution for each business or organization.