Bukalapak: The future for cybersecurity is resilience

Flourishing in the wake of rising disruption, it is estimated that global spend on services and technologies that enable digital transformation will amount to US$1.8tn by the end of 2022 – an increase of 17.6% in investment compared to 2021. 

Despite the need for innovative solutions to tackle growing demands, supply shortages and talent shortages, as well as increase transparency, resilience and agility, it is important to remember that, with more systems, comes new vulnerabilities that need to be protected. 

While the benefits are clear, it will be vital to be prepared for accelerated digitalisation and understand the potential cybersecurity implications in the future, as global predictions expect 45% of organisations to experience attacks on their software supply chains by 2025.

Headquartered in Indonesia, Bukalapak’s key challenge is navigating the complex security landscape. According to a report, nearly 20,000 phishing attacks targeting Indonesia have been detected since the start of 2021, with more than one billion exposed credentials identified. 

As Head of Information and Cybersecurity at Bukalapak, Yogesh Madaan is tasked with leading the company through its navigation of not only the regional but also the global threat landscape. 

In the last few months, Indonesia has seen a rise in cybersecurity attacks in the form of stolen data and data breaches. “Indonesia is one of the prime targets for nation state-sponsored access, as well as financially-motivated ransomware gangs. In 2021, 10% of attacks in Indonesia were ransomware attacks, 15% were unauthorised network access sales, and more than 50% were database sharing requests,” explains Yogesh.

“Understanding the threats is the first phase, now we need to be one step ahead of these attackers, and this is what we are trying to do at Bukalapak,” he adds.

Developing a proactive security strategy and availability management system where the company can innovate and implement solutions allows Bukalapak to assess the market vulnerabilities and be proactive in its response to securing its critical assets. 

“We are ultimately trying to build an infrastructure that is resilient to any attacks. We are building a safer cyberspace for our customers and employees as well as addressing the key security risks ,” says Yogesh.

During the height of the pandemic, one of the biggest threats to organisations was the potential for attackers to use home networks to hack the wider system. “At Bukalapak, we trained our employees on how to secure their home network to educate our employees and raise awareness. 

“Awareness is key in cybersecurity for anybody and everybody. These days, human beings are the weak link, so we spend a lot of effort training our employees in cybersecurity for the new technologies, as well as developing a proactive and scalable cybersecurity ecosystem, and finding the right talent,” explains Yogesh.  

Closing the gaps with cybersecurity transformation

Joining Bukalapak almost 18 months ago, Yogesh’s role was to conduct an assessment of the current cybersecurity threat landscape  at Bukalapak and build on ongoing efforts and establish a long term strategy to address the future security threats.something many businesses have embarked on post-pandemic. 

“I was brought in to harness my experience in the industry to provide a fresh set of eyes to identify the potential gaps and strengthen the Information and Cyber Security domain. Today, we operate with a strong combination of teams working across vulnerability management, identity and access management, core infrastructure , governance risk and control, data security, and cloud security,” explains Yogesh. 

“Our goal is to transform our team from being reactive to proactive, as well as transparent,” he adds. “This is the start of our three-year strategy. On our journey, we are also strengthening  end-user security, email protection tools, and building a security operation centre. But this would not have been possible without the support, collaboration, and buy-in from not only internal teams C-suite, and our partners. They have helped us to transform our cybersecurity posture and where required guide us in the right direction .” 

Furthering its commitments to enabling a proactive cybersecurity approach, Bukalapak has been in partnership with Ensign – who helps companies to maximise the value and advantages by providing most robust cyber-defence capabilities/services.

Security Operation Centre with Ensign 

Keen to partner with an organisation that could help drive the development of its Security Operation Centre (SOC), Yogesh explains why Ensign was the perfect partner for the task: “We spent conscious efforts to find the right partner who fits with our security strategy. Ever since onboarding Ensign, the organisation has been proactive and  supportive in addressing our security concerns. The staff are very knowledgeable in their respective domains to help us build a SOC – which we have been working on for the last three months – and guide us on various cybersecurity-related issues. Ensign has huge experience in building SOCs, working with many organisations in Indonesia and Singapore; they have a huge ecosystem of partnerships.”

The future is resilient

Looking to the future, Yogesh explains that future strategies will continue to be centred around resilience, which is important in the current cyber landscape. 

“We are building a resilient infrastructure by adopting a coordinated approach to safeguard our important entities and systems,” Yogesh says. “We are also dedicated to building a safer cyberspace with secure authentications and authorisations for both our employees and customers to ensure that they continue to feel cyber safe 

With every development, Yogesh explains the importance of scalability and the need for developing talent: “When it comes to developing a vibrant cybersecurity ecosystem, it is important that our solutions are scalable. We are also committed to growing our talent when it comes to cybersecurity and training our people in the right way. The industry is a very evolving field right now, so we must adopt a holistic view in order to ensure that we can deal with future challenges.”

Dedicated to being one of the cyber safe  companies, the next 12 to 18 months will be centred around people, processes and technology for Bukalapak, a trend that is mirrored across industry as the world becomes more connected than ever. 

“Automation is becoming increasingly important for the cybersecurity industry, along with data-driven analysis, and artificial intelligence (AI). There is a lot of work to be done, and I want to make sure we have the talent to back up these trends and be able to identify and address any vulnerabilities,” says Yogesh. 

“There are a lot of disruptive technologies emerging that are thinking outside of the box when it comes to cybersecurity protection. Ransomware for example has become a menace in the world right now, and it’s hard to stop, but there are companies developing disruptive technologies to do just that.”

Yogesh concludes by commenting on the rise in geopolitical tensions and their impact on the cybersecurity landscape: “Physical threats such as the war in Russia and Ukraine also enter into the cyber world and attacks have become more prominent. It will be important as we become increasingly more connected to understand the attack surface and how we can protect it. Important elements in the future will be: 1) Identifying the threat landscape/impact; 2)secure access management; 3) Security Monitoring  4)and Security Awareness