Intelligent CISO Issue 28 | Page 52

COVER STORY like COVID-19 happen and your entire workforce begins working from home because your framework and strategy remain the same. I had many people reach out and ask about our security coverage for COVID-19 now that our employees are working from home – if you build your strategy and base your core controls on a known framework, you don’t have to pivot or focus on a new plan or new defence, you keep monitoring your controls and ensure they’re in place. How would you describe the current threat landscape and what steps can be taken to improve it? I think it has changed. It’s harder to see the traffic you’re trying to monitor and it’s harder to find specific anomalies that we’ve been able to look for in the past. The challenge now is how you see the remote network traffic, how you log it, build notifications, and have some comfort that you see and understand the entire picture. The challenge is now more difficult in many ways, but if you base it back to the same core control I think the market will be quite interesting during and after this pandemic and there could be a large talent pool available that already have the skills we need. requirements, then the operations are still the same overall, but you must increase your visibility into the traffic. What would be the impact of having a poor cybersecurity posture in your industry and how would this affect customers? One of the main risks in this regard would be associated with automated threats as ‘Bad Bots’ are on the rise right now, especially within eCommerce, and are in use for credential stuffing attacks that lead to account takeovers, product sniping that block or limit inventory, fake account creation leading to fraud for the customer and the company, and overall denial of service. Without controls or products in place for this, you’re doing a disservice to your customers and your business. What is Zalando doing to help close the cyberskills gap, if anything? Do you have plans to invest in this area moving forward? Within the security market, I assume it’s going to be much like it has been and we will have to continue to build these skills from within. However, I think the market will be quite interesting during and after this pandemic and there could be a large talent pool available that already have the skills we need. Regardless, Zalando offers excellent personal development training, resources and budget support for training on specific cyberskills and certifications. The Information Security unit also budgets 52 Issue 28 | www.intelligentciso.com