The Rise of AI-Powered Cyber Threats: Why Indonesia’s Banking Sector Needs Urgent Policy Action
In the rapidly evolving landscape of digital finance, the banking sector remains the ultimate prize for cybercriminals. However, the nature of these threats is shifting. We are no longer just dealing with lone hackers trying to bypass firewalls; we are witnessing a sophisticated fusion of internal fraud and high-tech external attacks. At the recent Executive Cybersecurity Roundtable in Jakarta, industry experts sounded the alarm on how Artificial Intelligence (AI) is being weaponized to target financial institutions and why Indonesia's regulatory framework must catch up before it’s too late.
The Hybrid Threat: Fraud Meets Cyber Attack
Eryk Budi Pratama, a leading Cybersecurity, Privacy, and AI Governance Professional, highlighted a disturbing trend during the "Defend, Adapt, Thrive: Cyber Resilience in the Age of Intelligent Threats" event. According to Eryk, the modern threat landscape in banking is characterized by a marriage between fraud and cyber attacks. The days of simple phishing emails are evolving into complex operations that often involve internal compromise.
These criminals are no longer just knocking on the digital front door; they are finding ways to get the keys from the inside. By targeting IT staff or business users who have administrative access, attackers can bypass traditional security layers. The entry points for these insiders are varied, often involving bribery or the pressure of ransomware attacks. Once internal data is leaked, criminals can craft highly convincing fake scripts, such as those mimicking the BI Fast system, to siphon off funds effectively.
AI as a Force Multiplier for Disinformation
While AI offers immense potential for defensive security, it has become a powerful tool in the hands of bad actors. Eryk warned that AI is currently being used to spread disinformation with unprecedented efficiency. In the past, spreading a false narrative required a literal army of human "buzzers." Today, AI can automate this process, making it cheaper and significantly more convincing.
One of the most terrifying developments is the accessibility of deep fake technology. Eryk noted that with just a few hundred thousand Rupiah, anyone can now create deep fakes that are nearly indistinguishable from reality. This allows attackers to impersonate bank officials or manipulate customers into providing sensitive information through audio or video clips that look and sound 100% human.
Indonesia’s Regulatory Void
The most pressing issue raised at the roundtable was Indonesia’s lack of specific regulations regarding AI standards. While the industry is currently saturated with seminars and training sessions on how to use AI, there is a glaring absence of discussion regarding its governance and ethical boundaries.
Eryk compared Indonesia’s current state to Europe and other Western nations that have already adopted standards from the Organisation for Economic Co-operation and Development (OECD). Specifically, the OECD AI Incidents Monitor (AIM) provides a crucial framework for documenting AI abuses, helping policymakers and practitioners understand the risks of irresponsible AI use. Furthermore, international standards like ISO 42001 (referenced as the evolution of AI lifecycle management) are already being implemented by professionals abroad to ensure proper governance, a step Indonesia has yet to take on a national scale.
Your brand deserves a better website.
We don't just use templates. We build custom web apps, landing pages, and company profiles designed specifically for what you need.
Looking to Neighbors for Inspiration
Indonesia doesn't have to look far for a blueprint. Neighboring countries like Singapore and Thailand are already ahead in the regulatory race. Singapore, for instance, has established a clear framework divided between generative AI and traditional AI. They have pioneered initiatives like "Project Moonshot" for Gen AI and the "AI Verify Foundation" for traditional models. These frameworks provide a structured environment where innovation can thrive without compromising security.
The Road Ahead: 2025 and Beyond
The call to action for the Indonesian government is clear. There is a desperate need for a Presidential Regulation (Perpres) regarding AI ethics and a comprehensive national AI roadmap. The ultimate goal would be to elevate these regulations into a full-fledged Law (Undang-Undang).
In the short term, there is hope that AI security aspects will be integrated into the upcoming Cyber Security and Resilience Law (UU KKS). Eryk revealed that behind-the-scenes discussions have taken place, and there is a tentative agreement to include AI security points in the draft. As we move toward 2025, the industry waits to see if these promises will manifest into the legal protections necessary to shield the nation’s financial heart from an increasingly intelligent and automated threat landscape.