Annual Report 2023

[Figure: DevSecOps cycle (Plan, Code, Build, Test, Release, Deploy, Operate, Monitor)]

BRI also implemented Mobile Apps Security technology as a comprehensive solution that could protect mobile applications. The application of this technology aimed to make applications more resistant to cyber attacks. This solution also had a centralized dashboard that could map attacks that occurred on applications, so that BRI had visibility into attacks and could use it to make decisions to reduce the threat of cyber attacks borne by BRI.

BRI had a special function/section related to the Security Operation Center (SOC) which monitored cyber threats continuously (24 hours, every week, for 365 days). In monitoring cyber security, BRI also conducted proactive monitoring through threat hunting and threat intelligence services, which had been further developed by involving international-scale providers. In addition, to monitor and mitigate the threat of brand abuse, BRI had a brand protection program whose job was to monitor brand abuse on social media. This prevented BRI from data breaches since 2019.

To manage these various technologies, BRI also had a single security tool that could meet all the needs of security operations, namely the Security Orchestration, Automation and Response (SOAR) solution, designed to integrate and automate different security tasks, processes and applications in responding to security incidents to strengthen the BRI SOC team.

BRI also collaborated with competent third parties to identify BRI system vulnerabilities and review BRI’s information security independently in the form of vulnerability assessments, penetration tests and cyber-attack simulations (red team). BRI implemented security strengthening at 3 (three) Data Centers so that it could provide more comprehensive security in carrying out its commitment to maintain cyber security.

With the ratification of Law No. 27 of 2022 concerning Protection of Personal Data, BRI also developed Data Security Governance as a reference for BRI in preventing customer digital data from changing hands to unauthorized parties, whether intentionally or not, when the data was in storage, in transit, or in use. This was conducted with the aim of increasing cybersecurity maturity, preventing security incidents from occurring, and further enhancing security.

BRI as the parent company of the BRI Group also had an important role in securing BRI’s Subsidiaries, namely by becoming the coordinator of cyber security for 10 (ten) subsidiary companies. This was conducted to reduce the probability and intensity of attacks on the BRI Group with a broad threat landscape to reduce the digital risk of the BRI Group.

Information Security Culture

Showing its commitment to information governance, BRI imposes disciplinary actions against individuals who violate information security rules and where this action causes impacts to the Bank’s business. To enhance BRI employees’ awareness of information security, BRI routinely conducts awareness-raising programs through various forms and media, including:
1. BRI’s internal poster and publication,
2. E-learning program for all employees,
3. Webinar, open for BRI employees, and
4. Anti-phishing campaign via email.

Sustainability of Information Technology Services

Damage, disruption or non-functioning of information technology infrastructure due to events that cannot be avoided or predicted, such as disasters and infrastructure disruptions, can occur at any time. Disasters also have several criteria, namely they can be natural disasters, human-caused disasters and disasters due to system failure. Disasters that occur can result in information technology infrastructure being unable to operate or function, thus greatly affecting the company’s operations and business activities.
PT Bank Rakyat Indonesia (Persero) Tbk. 2023 Annual Report 434
