InterviewPublicationsT.I.C. - Informatique

Lazada: Fighting Cybercrime, on the Defence with AI

FOCUS #69 - Franck Vervial, Head of Cybersecurity Operations at Lazada shares during an interview the importance of Cyber Security for Lazada.

How important is cybersecurity for Lazada? What are today’s concerns?

Cybersecurity is an integral part of Lazada’s identity and a differentiator between us and our competitors. Nothing is more important to us than our customers - both buyer and sellers - and protecting their data is our responsibility. Lazada has been investing a lot in cybersecurity for many years in order to protect our customers data (we have millions of daily users). Today, our cybersecurity team is made up of 40 professionals and we are still growing.

Nowadays, everything is interconnected and any software or system is vulnerable. We cannot rest on our laurels, thinking that we will never be hacked. Cybercriminals are well-organised and can attack from anywhere in the world through the internet. They sell personal data, credit card numbers and even Distributed Denial of Service (DDoS) on the dark web in exchange for money. Companies who are not well protected will suffer from DDoS, intrusion, malware, etc. A challenge for a major e-commerce company like Lazada is to stay safe and secure. We need to be nimble enough to adapt to everevolving risks to protect the business. Also we operate at scale: we process huge amount of data and have to analyse in real time to pick up any malicious activity.

 

What is your approach at your organisation at Lazada?

Standard approaches to cybersecurity do not work in our context. For example, our websites have thousands of pages, and the content changes daily. It is impossible to rely on a manual approach. Instead, we invest heavily on automation and artificial intelligence. There is hardly any need for human intervention as automation frees up the people and man-hours required to monitor alerts and respond to them manually.

For example during web attacks, we can block about 10 millions of malicious requests per month with our WAF (Web Application Firewall). This technological innovation was developed by Alibaba. Our web traffic is automatically analysed by our big-data platform and machine learning algorithms to detect malicious traffic. When a vulnerability is detected and can be blocked by our WAF, it is completely automated. The only human intervention needed is reviewing potential false-positives (a false positive is when there is an alert triggered by a genuine activity) that has been detected by AI algorithms.

So our approach is to collect comprehensive and relevant data, define/implement detection algorithms and automated responses, analyse alerts for potential false-positive and sharpen our algorithms. To ensure we are always spot-on, we constantly test our defences with our cybersecurity teams.

 

What do you find the biggest challenge in safeguarding a cybersecure ecosystem for Lazada?

One of our main challenges is to find cybersecurity professionals who can outsmart the bad guys who are trying to hurt us. Cybersecurity professionals, like Data Science specialists, are one of the most in-demand people today. As we rely massively on automation and artificial intelligence, we need to recruit the best and the brightest to run and implement the automation and train the AI. What matters most are the human brain and wits behind the machine.

Close

We’ve revamped our website