Jakarta, INTI - Another data breach involving taxpayer identification numbers (NPWP) has rocked Indonesia, this time affecting sensitive information from several high-ranking officials. This incident is not the first of its kind, and with the increasing frequency of similar cases, we must ask: Why does Indonesia’s digital security system seem like a "leaky bucket" that hackers continuously target? Is this problem due to outdated technology or weak security policies implemented by government institutions?
Data Breaches in Indonesia: A Rising Trend
It's undeniable that personal data breaches have become a chronic problem in Indonesia. According to a report from Badan Siber dan Sandi Negara (BSSN), Indonesia faced more than 1.6 billion cyber threats in 2021, most of which targeted the government and public services sectors. One of the most alarming incidents was the 2020 breach of BPJS Kesehatan data, which exposed the personal details of over 200 million people.
The latest NPWP data breach adds to the growing list of digital security disasters plaguing Indonesia. The question now is: what’s wrong with our cybersecurity system? Is it outdated technology, or are other factors making us vulnerable to cyberattacks?
Outdated Security Technology
Many cybersecurity experts believe that one of the root causes of data breaches in Indonesia is the use of outdated technology. Security systems that are not regularly updated tend to have vulnerabilities that hackers can exploit. These outdated technologies were not designed to handle the increasingly sophisticated cyberattacks we face today.
According to a survey by IDC Asia/Pacific, 48% of companies in Indonesia still use security technology that is more than five years old, which is clearly inadequate to deal with modern cyber threats. Unfortunately, the Indonesian government is also lagging in upgrading the technological infrastructure used to protect public data.
Weak Security Policies
In addition to outdated technology, weak cybersecurity policy enforcement is another significant factor. Many government institutions and large companies in Indonesia have yet to fully implement best practices in digital security, such as multi-factor authentication (MFA), strong data encryption, and regular cybersecurity training for employees.
A report by Cybersecurity Ventures reveals that 84% of data breaches are caused by human error. This can include password management mistakes, clicking on phishing links, or failing to implement basic security measures.
Is the Data Protection Law Enough?
In 2022, Indonesia finally passed the Personal Data Protection Act (PDP Law), aimed at strengthening the protection of citizens’ personal data. However, while the law is a step forward, its implementation in the field remains less than optimal. Many companies and government institutions have yet to fully comply with the standards set by the law.
In practice, the PDP Law still faces numerous challenges, ranging from a lack of supporting infrastructure to undertrained human resources. Therefore, while this law is expected to improve the situation, the road ahead is still long.
What’s the Solution?
Given the increasingly critical situation, concrete steps must be taken to improve digital security in Indonesia:
- Regular Technology Updates: The government and companies must immediately update the digital security systems they use. Outdated technology will not be able to protect data from evolving cyber threats.
- Stricter Security Policy Implementation: Multi-factor authentication (MFA), data encryption, and regular security audits should be mandatory in all sectors handling sensitive data.
- Public Awareness: Education and training about cybersecurity must be enhanced, both among government employees and the general public.
- Strengthening Enforcement of the PDP Law: The implementation of the Personal Data Protection Act must be accelerated, with strict oversight and severe penalties for violators.
The NPWP data breach is a sign that Indonesia's digital security system is in critical condition. If the necessary steps are not taken immediately, the risk of larger data breaches and cyberattacks will continue to loom over us. It’s time for the government and the private sector to unite in strengthening the nation’s digital defenses to protect citizens' personal data from increasingly complex threats.