Indonesian Political, Business & Finance News

Hacker Threats Run Rampant: How BNI Secures Customer Data

Source: CNBC | Translated from Indonesian | Banking

With hacker attacks becoming increasingly massive and employing various methods, BNI has its own ways to protect its customers. One of them is combining frameworks used in the banking environment.

BNI’s Chief Information Security Officer, Kirby Chong, explained that BNI uses international frameworks as well as those from Bank Indonesia and the Financial Services Authority.

“The framework we use is NIST-CSF, which consists of five pillars: Identify, Protect, Detect, Response, and Recover. With just these five pillars, it actually only covers a large area. After that, we also combine it with CIS-CSC,” Kirby explained at the CNBC Indonesia Tech & Telco Forum 2026 in Jakarta on Wednesday (6/5/2026).

“In CIS-CSC, there are a total of 18 controls with 153 detailed subcontrols simultaneously,” he added.

He stated that this combination helps to view the organisation holistically, for example when conducting identification, protection, response, and recovery.

All of this, he said, is done at all levels, including covering both operational technology and information technology.

Furthermore, BNI also uses defence in depth with various solutions such as controls, protection, detection, and recovery methods. He added that the company has a special team with a next-generation security operations centre or Gen-SOC.

“The point is that we won’t rely on traditional SIEM solutions. We use all the logs we get, and we can also obtain information that is not just from log level. So we can cover both logs and non-logs or non-text formats—what we can collect, what we can correlate all together in our NG SOC, we can do,” said Kirby.

Finally, Kirby explained that they adopt a zero-trust framework. This means BNI uses the principle of ‘never trust’ and ‘always verify’.

“The principle of never trust and always verify is now adopted with the dual framework we mentioned from the start. Perhaps with these points, we can include that the framework already has ways to implement, ways to operate, and we cover from end to end,” he stated.
