Bukalapak - January 2023

The future for cybersecurity is resilience

The future for cybersecurity is resilience

Flourishing in the wake of rising disruption, it is estimated that global spend on services and technologies that enable digital transformation will amount to US$1.8tn by the end of 2022 – an increase of 17.6% in investment compared to 2021.

Despite the need for innovative solutions to tackle growing demands, supply shortages and talent shortages, as well as increase transparency, resilience and agility, it is important to remember that, with more systems, comes new vulnerabilities that need to be protected.

While the benefits are clear, it will be vital to be prepared for accelerated digitalisation and understand the potential cybersecurity implications in the future, as global predictions expect 45% of organisations to experience attacks on their software supply chains by 2025.

Headquartered in Indonesia, Bukalapak’s key challenge is navigating the complex security landscape. According to a report, nearly 20,000 phishing attacks targeting Indonesia have been detected since the start of 2021, with more than one billion exposed credentials identified.

As Head of Information and Cybersecurity at Bukalapak, Yogesh Madaan is tasked with leading the company through its navigation of not only the regional but also the global threat landscape.

Yogesh Madaan, Head Information and Cybersecurity at Bukalapak, discusses the threat landscape in Indonesia and the need for resilience and talent

“There are a lot of disruptive technologies emerging that are thinking outside of the box when it comes to cybersecurity protection”

Bukalapak: The future of cybersecurity is resilience

In the last few months, Indonesia has seen a rise in cybersecurity attacks in the form of stolen data and data breaches. “Indonesia is one of the prime target for financiallymotivated ransomware gangs. In 2021, ~10% of attacks in Indonesia were ransomware attacks, ~15% were unauthorised network access sales, and more than ~50% were database sharing requests,” explains Yogesh.

“Understanding the threats is the first phase; now we need to be one step ahead of these attackers, and this is what we are trying to do at Bukalapak,” he adds.

Developing a proactive security strategy and availability management system where the company can innovate and implement solutions allows Bukalapak to assess the market vulnerabilities and be proactive in its response to securing its critical assets.

“We are ultimately trying to build an infrastructure that is resilient to any attacks. We are building a safer cyberspace for our customers and employees as well as addressing the key security risks ,” says Yogesh.

During the height of the pandemic, one of the biggest threats to organisations was the potential for attackers to use home networks to hack the wider system. “At Bukalapak, we trained our employees on how to secure their home network to educate our employees and raise awareness.

“Awareness is key in cybersecurity for anybody and everybody. These days, human beings are the weak link, so we spend a lot of effort training our employees in cybersecurity for the new technologies, as well as developing a proactive and scalable cybersecurity ecosystem, and finding the right talent,” explains Yogesh.

Closing the gaps with cybersecurity transformation

Joining Bukalapak almost 18 months ago, Yogesh’s role was to conduct an assessment of the current cybersecurity threat landscape at Bukalapak, building on ongoing efforts and establish a long-term strategy to address the future security threats –something many businesses have embarked on post-pandemic.

“I was brought in to harness my experience in the industry to provide a fresh set of eyes to identify the potential gaps and strengthen the Information and Cybersecurity domain. Today, we operate with a strong combination of teams working across vulnerability management, identity and access management, core infrastructure , governance risk and control, data security, and cloud security,” explains Yogesh.

“Our goal is to transform our team from being reactive to proactive, as well as transparent,” he adds. “This is the start of our three-year strategy. On our journey, we are also strengthening end-user security, email protection tools, and building a security operation centre. But this would not have been possible without the support, collaboration, and buy-in from internal teams, C-suite, and our partners.

EXECUTIVE BIO

YOGESH MADAAN

TITLE: HEAD OF INFORMATION AND CYBERSECURITY INDUSTRY: INFORMATION TECHNOLOGY LOCATION: SINGAPORE

Yogesh is the Head Information and Cybersecurity/CISO at Bukalapak. He is a seasoned technology leader with 18+ years of experience in information and Cybersecurity, technology risk management, regulatory compliance and controls, operational risk, data protection, cloud risk management, compliance- and conduct-related topics, outsourcing, IT account management and production support.

Yogesh holds an MBA in IT Systems, prior to joining Bukalapak, Yogesh spent his career as Head of Information and Cybersecurity, Singapore at Standard Chartered Bank in 2020 and two years as Director – APAC Technology Risk Manager at UBS AG.

CONSULT

We provide advice and recommendations that can enhance an organisation's cyber posture, strategy, and risk management.

INNOVATE

Our in-house R&D unit is the core of all our capabilities, originating AI-powered, patented cybersecurity solutions.

DESIGN & BUILD

We design and build cybersecurity infrastructure, implementing best-of-breed solutions as well as secure-by-design and zero-trust principles.

OPERATE

RESPOND

In the event of a cyber breach, our team of experts has the means and experience to help mitigate threats, and get organisations up and running in no time.

Asia’s largest, pure-play cybersecurity service provider with an end-to-end offering

We believe that cybersecurity is a journey where organisations must constantly and progressively improve to remain cyber secure. To achieve this, Ensign adopts a strategic approach in cybersecurity through our end-to-end capabilities in Consult, Design & Build, Operate, and Respond, in all domains of IT, OT, IoT, Cloud and 5G. These four capabilities are underpinned by Innovate, which is powered by Ensign Labs, our R&D unit that performs deep research into cybersecurity threats and solutions. This approach provides us with the ability, and agility to help our clients enhance their cybersecurity posture and constantly stay up-to-date to “meet the threat”.

Ensign’s AI-Powered Cyber Analytics: Generating More Differentiated Outcomes

We caught up with Charles Ng, Executive Vice President for International Business & Key Accounts for Ensign InfoSecurity, to talk about cybersecurity, R&D and Bukalapak.

“As Asia’s largest pure-play cybersecurity services provider, Ensign’s robust capabilities and end-to-end portfolio of cybersecurity solutions and services put us in good stead to help our clients enhance their security posture as they invest in digital technologies, and accelerate digital transformation,” Charles Ng says.

“We invest a significant amount of our revenue in R&D, and this translates into tangible cybersecurity outcomes and benefits for our clients. It allows us to design and deploy highly customised cyber solutions not found in

existing off-the-shelf products. Having released three patents which have been recognised as some of the best AIpowered Cyber Analytics innovations and technologies in the industry, we can address our clients’ unique security challenges. By incorporating our innovations into their systems for more accurate and efficient threat detection, we enable them to adopt a more proactive, predictive security posture to stay ahead of threat actors.”

“Ensign’s footprint across Asia, covering Singapore, Malaysia, Indonesia, Australia, Hong Kong, and South Korea is an important differentiator, especially for Indonesia-based Bukalapak. The breadth and depth of our expertise and solutions is the key reason that organisations across different geographies and industries choose to partner with us.”

Ensign’s partnership with Bukalapak

Founded in 2010, Bukalapak is Indonesia’s leading and first publicly-listed tech company dedicated to providing a fair economy for all through its creation of an online marketplace, online-to-offline platform, as well as specialised platforms. An advocate of cybersecurity, the company searched for a trusted partner who could understand their threat environment and provide end-to-end solutions. Ensign stood out with its strong capabilities - i.e., consult, design & build, operate, and respond - along with its R&D and significant coverage in Asia.

Ng adds, “Having to always be ahead of the game, we are committed to give our best to Bukalapak.”

Learn more 

They have helped us to transform our cybersecurity posture and, where required, have guided guide us in the right direction.”

Furthering its commitments to enabling a proactive cybersecurity approach, Bukalapak has been in partnership with Ensign – who helps companies to maximise both value and advantages by providing the most robust cyber-defence capabilities and services.

Security Operation Centre with Ensign Keen to partner with an organisation that could help drive the development of its Security Operation Centre (SOC), Yogesh explains why Ensign was the perfect partner for the task: “We spent conscious efforts to find the right partner who fits with our security strategy. Ever since onboarding Ensign, the organisation has been proactive

“Understanding the threats is the first phase; now we need to be one step ahead of these attackers”

Bukalapak’s partnership with Imperva supports digital growth and

program

Bukalapak is an Indonesia based tech enabler and All-Commerce company whose mission is to make a fair economy accessible for all through offline and online platforms. To protect their users, Bukalapak partnered with Imperva, a global leader in cybersecurity, to mitigate attacks from malicious actors.

While Bukalapak had an existing Cloud WAF in place, it was not meeting their needs. With a high cost of service, difficulties in reaching their support team, and a lack of PoPs in countries in which they had a large presence, a switch in solutions was pivotal; enter Imperva.

Solution

As Bukalapak increases its own companies and domains, so does the complexity increase. New environments must be protected, and Imperva’s Cloud WAF can handle such complexity.

“We need a top-notch solution to protect our infrastructure. We have a lot of data from many customers that needs to be protected. Hence, a robust WAF solution is a must and Imperva is that solution.” said Yogesh Madaan, Head Information and Cybersecurity at Bukalapak.

Support enhances the value of the solution

With such technical depth in cybersecurity, having a team that took the time to understand Bukalapak’s pain points and to explain differences in Imperva’s solution from their last was crucial.

“One of the biggest advantages we have going with Imperva is Support. And that’s how things should be,” said Madaan. “It’s very easy for companies to sell solutions, the support is where the problem lies. People don’t spend time on that, but Imperva has.”

Results

With a vast initial deployment, it was crucial to Bukalapak that their new Cloud WAF solution was well explained for overall understanding throughout their organization. “We have a lot of data that needs to be protected,” said Madaan. “Imperva stayed very patient with us. They are quite good with my team to provide us information.”

Learn more →

are adopting a coordinated approach to safeguard our important entities and systems”

“We

and supportive in addressing our security concerns. The staff are very knowledgeable in their respective domains to help us build a SOC –which we have been working on for the last three months – and guide us on various cybersecurity-related issues. Ensign has huge experience in building SOCs, working with many organisations in Indonesia and Singapore; they have a huge ecosystem of partnerships.”

2,000+

around resilience, which is important in the current cyber landscape.

The future is resilient

Looking to the future, Yogesh explains that future strategies will continue to be centred

Number

of Employees

“We are building a resilient infrastructure by adopting a coordinated approach to safeguard our important entities and systems,” Yogesh says. “We are also dedicated to building a safer cyberspace with secure authentications and authorisations for both our employees and customers to ensure that they continue to feel cyber safe.

With every development, Yogesh explains the importance of scalability and the need for developing talent: “When it comes to

A JOURNEY TO DISCOVER THE UNKNOWNS BUKALAPAK ONBOARDS QUALYS

chose the holistic Qualys VMDR solution for an accurate and complete picture of all our IT assets’ vulnerability and compliance status with insights into the most severe threats so we can respond quickly.”

As a leading online marketplace in Indonesia, Bukalapak chose Qualys’ award winning Vulnerability Management, Detection and Response (VMDR) to strengthen its overall security posture.

Qualys VMDR provides Bukalapak with a single, end-to-end solution to automatically discover, assess and remediate all of its IT assets for vulnerabilities. Today Bukalapak enjoys a much-reduced attack surface, thanks to Qualys.

Learn more

“We

developing a vibrant cybersecurity ecosystem, it is important that our solutions are scalable. We are also committed to growing our talent when it comes to cybersecurity and training our people in the right way. The industry is a very evolving field right now, so we must adopt a holistic view in order to ensure that we can deal with future challenges.”

Dedicated to being one of the cyber safe companies, the next 12 to 18 months will be centred around people, processes and technology for Bukalapak, a trend that is mirrored across industry as the world becomes more connected than ever.

“Automation is becoming increasingly important for the cybersecurity industry, along with data-driven analysis, and artificial intelligence (AI). There is a lot of work to be done, and I want to make sure we have the

DID YOU KNOW?

Application Security with Imperva

To ensure resilient security from the application security perspective, Bukalapak partnered with Imperva to simplify its application security posture. Web application attacks prevent important transactions and steal sensitive data. “Imperva Web Application Firewall (WAF) stops these attacks with near-zero false positives and a global SOC to ensure your organisation is protected from the latest attacks minutes after they are discovered in the wild. “We were looking for a tool, one that can help us meet our requirements and Imperva fits in well,” explains Yogesh.

Partnering with Qualys Vulnerability Management is a key security domain and after we moved to Qualys our reporting has gotten much better. Qualys solutions make our job easier because of the accuracy. Our teams can trust that the vulnerabilities identified are correct and accurate, and it leads to better health and better trust. Qualys provides us with real- time transparent data on the vulnerable systems which enables us to act in time and secure our systems.

“We are ultimately trying to build

that is resilient to any attacks”

talent to back up these trends and be able to identify and address any vulnerabilities,” says Yogesh.

“There are a lot of disruptive technologies emerging that are thinking outside of the box when it comes to cybersecurity protection. Ransomware for example has become a menace in the world right now. While it's hard to stop, there are companies developing disruptive technologies to do just that.”

Yogesh concludes by commenting on the rise in geopolitical tensions and their impact on the cybersecurity landscape: “Physical threats such as the war in Russia and Ukraine also enter into the cyber world, and attacks have become more prominent. It will be important as we become increasingly more connected to understand the attack surface and how we can protect it. Important elements in the future will be:

the threat landscape/impact

awareness

an infrastructure

Metropolitan Tower Lt. 7 (Mailing Room)

Jl. R. A. Kartini Kav. 14 Cilandak Barat, Kec. Cilandak Kota Jakarta Selatan, DKI Jakarta, 12430 www.bukalapak.com