Regulators Strictly Monitor Cybersecurity Systems in Fintech, Telkomtelstra’s Penetration Test is The Main Solution

Mon 01 March 2021, telkomtelstra

Telkomtelstra’s penetration test service aims to provide fintech companies with detailed insights and assessments in an effort to ensure the security of their systems and fulfil their compliance obligations to regulators.

The dynamics of the digital era, which are moving very fast, are turning into game changers for financial services innovation. Financial technology (fintech) companies are gaining golden momentum along with the shifting trends in consumer behaviour that are increasingly adaptive to digital technology.

However, the fintech boom is not without challenges. Recognizing such rapid growth, financial regulators in Indonesia have prepared the appropriate regulatory environment. One element is the requirement for fintech companies to submit security system reports as part of compliance with applicable regulations.

Responding to this obligation, a fintech company chose Telkomtelstra to conduct a penetration test (pen-test) on its system. Telkomtelstra’s pen-test service aims to provide the fintech company with detailed and valuable insights and assessments in an effort to ensure the security of its systems and fulfil its compliance obligations to regulators.

Penetration Test Support for Our Customers in the Fintech Sector

This particular Telkomtelstra customer is a leading fintech company in the payment platform segment. As a fintech company that focuses its business on applications and digital transactions, it is required not only to provide the best product and customer experience, but also to ensure system security for consumers.

This is a serious concern. With the number of cyberattacks continuing to increase, security is a big challenge for almost all fintech companies today, even though they have implemented the best security systems. Even the slightest loophole in a fintech company's cybersecurity system must be closed. Threats should be identified as early as possible.

Not only that, all fintech companies in Indonesia, including Telkomtelstra’s customers, are required to provide assurance to the Indonesian financial regulatory authorities that they comply with security requirements. Every fintech company is required to carry out a proper assessment to ensure its platform and services to customers are free from various cyberattacks. Its IT platforms and systems must also be tested, and the results must be given to regulators for review.

Complex Challenges

This fintech customer has recognized that its priority is to focus on preventing rapidly growing cybersecurity threats as well as on regulatory compliance. Given the large volume of sensitive data and workloads in the system, the customer needs to study its security posture in the best possible way and provide comprehensive reports to regulators. The fintech company is then obliged to identify all security flaws and mitigate the risk of cyberattacks.

The challenge became more complex when the customer was required to carry out a security assessment and complete the report within 2 weeks for further review by regulators. Considering the pressing circumstances, this fintech company partnered with Telkomtelstra to provide appropriate security testing services. As a cybersecurity service provider, Telkomtelstra was required to conduct security tests on two main points.

First, performing security risk evaluations for applications, systems and business-critical networks.

Second, providing detailed recommendations about increasing the level of information system security.

The cybersecurity assessment and evaluation approach that Telkomtelstra recommended to this fintech company was penetration testing, also commonly referred to as penetration tests. The penetration test by Telkomtelstra was essentially a hacker attack simulation performed by our skilled and certified specialists (commonly referred to as ethical hackers).

Most importantly, Telkomtelstra has access to and knowledge of the most advanced security testing tools used by hackers, so that we can identify weaknesses in the system before real hackers use them to harm the business and customers of the fintech company.

During the week, Telkomtelstra’s team of accredited security experts conducted a series of tests to assess every element of this fintech company's system and network. The focus was to determine the extent to which hackers could gain unauthorized access to important company systems and data.

Telkomtelstra’s team worked closely with the company’s Cybersecurity Manager and IT Manager to complete the process smoothly without affecting business operations. In doing so, the team aimed to uncover a number of threats that had previously been overlooked or undetected.

Best Result

In conducting a penetration test, Telkomtelstra provides seven testing stages consisting of:

  • Prior Engagement Interactions
  • Intelligence Gathering
  • Modeling test
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Reporting

From the seven stages of testing, the team can then identify vulnerabilities, weaknesses, and errors in preparing security features with a detailed explanation of the causes, possibilities and consequences of exploitation, along with assessments and recommendations for dealing with cyberattacks that can occur.

After the penetration test was carried out, Telkomtelstra was able to deliver results faster than the target that had been set by the fintech company. The team completed the service one week earlier than the expected completion date. As a result, the customer was extremely satisfied with the results and has subsequently recommended Telkomtelstra’s penetration test service to a number of its colleagues.