Not all turbulence is felt at 30,000 feet up in the skies. Even as passengers brace themselves for rough weather, a cyber storm is quietly brewing in the digital realm for the aviation industry.

Last year, Indonesia experienced one of its worst cyberattacks in recent years, when a ransomware attack on the country’s national data center took down hundreds of central and local state agencies. The aviation sector was not spared, as the attack disrupted immigration services and affected operations at Indonesia’s major airports for days.

A week later, reports surfaced that Indonesia’s civil aviation authority also suffered a massive security breach, with a threat actor claiming to have accessed critical data related to the handling of air traffic in the country.

These incidents show just how vulnerable Indonesia’s aviation sector can be amid escalating cyber threats. Globally, the aviation sector recorded 27 major attacks by 22 ransomware groups between January 2024 and April 2025 alone. Airlines must brace for a turbulent journey ahead and actively strengthen their defenses to combat the growing cyber threat.

Warning: Cyber turbulence ahead

The aviation industry sits on a goldmine of personal data. These include passenger identities, payment information, travel itineraries, and loyalty program records, making it a prime target for bad actors seeking to exploit personal data for financial gain. Yet, many airlines and airports remain surprisingly vulnerable to cyber threats.

A major contributing factor is legacy infrastructure. While airplanes have evolved rapidly, backend IT systems have not. Many still rely on ageing operational infrastructure that isn’t built to withstand modern threats. These legacy systems remain connected to live networks and third-party platforms for efficiency, which can open digital backdoors for bad actors.

The industry’s heavy reliance on third-party providers, from booking engines to customer service portals, also amplifies the risk. Weaker security controls anywhere in the supply chain can compromise the entire network. Case in point: A cyberattack on Qantas Airways earlier this year, which exposed sensitive data from over 5.7 million customers, originated from a third-party platform used by its contact centre.

Moreover, bad actors are no longer relying solely on malware or brute force. They are increasingly exploiting weaknesses in human behaviour to infiltrate network systems. In fact, compromised-credential attacks have been the most common threat vector over the past decade.

Groups like Scattered Spider, believed to be behind the Qantas breach, are masters of social engineering. They impersonate airline employees or IT contractors to trick help desks into granting them access to the airlines’ networks. Once inside, they can exfiltrate data and deploy ransomware across critical systems.

Flying smarter with AI

As airlines confront a new era of digital threats, legacy security tools are no longer sufficient to combat the ever-evolving, highly sophisticated threat vectors.

AI-powered cybersecurity solutions are changing the game. For example, User and Entity Behaviour Analytics (UEBA) solutions use machine learning and behavioural analytics to establish a baseline of normal user and entity activity. By continuously monitoring and comparing real-time behaviour against this baseline, UEBA can detect anomalous activities and instantly escalate the case to the security team before damage is done. This ability to detect and respond faster can mean the difference between a contained incident and a major breach.
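The baseline-and-compare loop described above, as an added example that is not part of the original article or any vendor's product: simple per-user statistics stand in for the machine learning a commercial UEBA tool would use. The account names, events and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: (user, day, login_hour, source_country, mb_downloaded)
HISTORY = [("agent_ana", d, h, "ID", mb) for d, (h, mb) in enumerate(
    [(9, 40), (10, 55), (9, 48), (11, 60), (10, 52), (9, 45), (10, 50)])]
HISTORY += [("it_budi", d, h, "ID", mb) for d, (h, mb) in enumerate(
    [(8, 300), (22, 280), (9, 350), (23, 320), (8, 310), (21, 290), (9, 330)])]

# Constructed new activity to score against the baseline
NEW_EVENTS = [
    ("agent_ana", 8, 10, "ID", 58),   # ordinary shift
    ("it_budi", 8, 22, "ID", 340),    # late and heavy, but normal for this account
    ("agent_ana", 8, 3, "RO", 900),   # off-hours, new country, bulk download
]

def build_baseline(events):
    """Per-user profile: usual hours, usual countries, mean/std of volume."""
    rows = defaultdict(list)
    for user, _day, hour, country, mb in events:
        rows[user].append((hour, country, mb))
    baseline = {}
    for user, seen in rows.items():
        volumes = [mb for _, _, mb in seen]
        baseline[user] = {
            "hours": {h for h, _, _ in seen},
            "countries": {c for _, c, _ in seen},
            "mean_mb": mean(volumes),
            "std_mb": pstdev(volumes) or 1.0,  # flat history: avoid divide by zero
        }
    return baseline

def score_event(baseline, event, z_threshold=3.0):
    """Return the list of ways one event deviates from its user's baseline."""
    user, _day, hour, country, mb = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for this account"]
    reasons = []
    if min(abs(hour - h) for h in profile["hours"]) > 2:  # no midnight wrap
        reasons.append(f"login at {hour:02d}:00 is outside usual hours")
    if country not in profile["countries"]:
        reasons.append(f"first login from {country}")
    z = (mb - profile["mean_mb"]) / profile["std_mb"]
    if z > z_threshold:
        reasons.append(f"download volume {z:.1f} std devs above normal")
    return reasons

def triage(baseline, events, escalate_at=2):
    """Escalate events with at least `escalate_at` independent deviations."""
    scored = [(e[0], score_event(baseline, e)) for e in events]
    return [(user, reasons) for user, reasons in scored if len(reasons) >= escalate_at]
```

Calling `triage(build_baseline(HISTORY), NEW_EVENTS)` escalates only the third event. A late-night 340 MB session is routine for `it_budi` but would register two deviations if it came from `agent_ana`, which is why the baseline is kept per account rather than globally.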

Navigating cyber turbulence with confidence

Airlines must adopt a multi-pronged approach to fortify their cyber defences. Security tools aside, this begins with building a strong internal culture of security, where comprehensive cybersecurity awareness training for all employees is not just a policy but a shared responsibility. A well-informed workforce is a powerful first line of defence, better equipped to protect organisational data and assets and identify vulnerabilities before they escalate into major breaches.

This internal vigilance must then extend to external partnerships. Airlines must strengthen their third-party risk management by conducting a thorough risk assessment of vendors to evaluate their cybersecurity posture. They need to ask critical questions about the vendor’s security controls, policies, and incident response capabilities to ensure that external vendors can keep their customers’ data secure.

These efforts should also be complemented by oversight from the public sector, which recognizes the aviation industry as a critical national asset. Indonesia has taken decisive steps to strengthen its aviation sector in recent years, establishing the Indonesian Aviation Sector Computer Security Incident Response Team (IAS-CSIRT). This dedicated team reviews incident reports and activities, ensuring a swift, coordinated response to incidents in the aviation sector.

Charting a safe flight path ahead

A single cyber incident can result in millions lost from flight delays, rebookings, customer churn, and legal costs. Beyond immediate operational disruption, reputational damage can erode hard-won customer trust for years.

Given the consequences, it is imperative that the aviation sector invest in advanced threat detection and response capabilities, strengthen third-party risk management, and foster a culture of constant cyber vigilance. When digital turbulence strikes, having a strong cybersecurity defence posture will ensure a safe landing for the aviation industry.


Gareth Cox is Vice President, Asia Pacific & Japan at Exabeam. He leads the sales and go-to-market strategy for Exabeam across Asia Pacific and Japan (APJ). He helps organizations in Australia, New Zealand, Japan, and Southeast Asia defend against evolving cyber threats by augmenting their security operations with AI and automation.

Gareth is a valued advisor in cybersecurity and technology, known for building trusted relationships with clients and partners across APJ and consistently delivering exceptional service. A seasoned sales leader with over 25 years of experience, he has a proven track record of driving growth for top technology companies. Since joining Exabeam in 2018, Gareth has been instrumental in the company’s expansion in APJ, overseeing a more than tenfold growth in its customer base across the region.

Before joining Exabeam, Gareth served as the Regional Director of Cloud Security for APJ at Skyhigh Networks. There, he launched their Cloud Access Security Broker business, successfully deploying solutions for Fortune 500 clients and establishing a robust partner ecosystem. Skyhigh Networks was later acquired by McAfee in January 2018. He also previously managed the Financial Services business for Check Point Software Technologies.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.
