With more than 3,300 employees and 25 million customers worldwide, Just Eat is a world leader in online and mobile food ordering.
We spoke to the company’s CISO Kevin Fielder about his journey into cybersecurity and the daily challenges he faces in this high-pressured role.
Just Eat is a leading global marketplace for takeaway food delivery operating in 12 markets.
It is headquartered in London and provides customers with an easy and secure way to order and pay for food from over 100,000 restaurant partners.
As Chief Information Security Officer, Kevin Fielder is responsible for ensuring the company has a robust cybersecurity programme in place.
We spoke to him to find out more about some of the challenges he encounters in this position…
What prompted your interest in a career in cybersecurity?
There’s always something new to learn – this industry is always evolving and is extremely fast-paced. Essentially, we need to ensure that we’re always one step ahead of any potential threats. This is one of the biggest challenges but also one of the things that I love most about my job.
The cybersecurity challenges faced by Just Eat
Cybersecurity challenges aren’t strictly unique to a single business. Businesses of a similar size and sector often face the same pattern of threats.
An online business which is customer-focused and operates internationally will often have a huge breadth of data, spread across different providers for different business capabilities. To manage and understand these systems is essential.
As a leading marketplace operating in multiple countries, keeping up with the diverse range of regulations globally is also key to managing the landscape of threats internationally and ensuring we’re appropriately secure and compliant across different regions.
The biggest current global threats
Cybercrime is a lucrative and organised business that operates across national boundaries. This, coupled with the relative anonymity provided by the Internet, makes attributing these crimes an ongoing challenge.
Once an attack is out in the public, it is accessible to others, so an advanced state-level threat this year is something available to everyone as soon as it has been used.
That’s why it is critical for a CISO to have an understanding of the different threats that are out there, along with understanding business models and goals in order to be able to appropriately monitor and protect our systems.
Addressing the cyberskills shortage
While specialist jobs requiring niche skill sets can definitely be a challenge, there are ways to improve and expand your candidate pools. Experience is, of course, important, but when recruiting, companies would do well to consider how they could broaden the skill sets they’re seeking.
Just Eat is committed to helping its employees grow and, in my team, we are always keen to recruit people from other parts of the business who have a passion and dedication to learn, even if they have little experience in security.
For example, we invite colleagues to join our team on secondments – not only providing them with an opportunity to see if security is right for them but giving us access to their knowledge about the wider business. We also take on apprentices to give them an opportunity to learn about security and help them identify which parts of the role they like most.
We’re passionate about inspiring the next generation of talent and, in February 2018, we launched Just Eat’s STEM Ambassador programme. We now have more than 80 STEM ambassadors working with young people across the UK to inspire and educate them about careers in technology. Programmes like this are invaluable in addressing skills shortages as they bridge the gap – educating students about the industry from a young age.
The global impact of GDPR
GDPR has improved the focus on what data people collect and how that data is handled. Since implementation, the regulations have also raised customer awareness around privacy – helping people to understand how their data is being used but also encouraging them and the businesses they use to take care of how they handle the data they have.
Best practice advice for CISOs when assessing which solutions are best for their organisation/business
It is important to get the basics right first and this isn’t easy to achieve. The majority of breaches start off with something simple such as clicking onto an email, with recent research showing that the majority of breaches start with a phishing email or compromise of known vulnerabilities. It is critical to have the right solutions in place to protect the business and to continually monitor these tools across the board to ensure they are working as expected.
I also encourage my team to work with peers from similar environments. I often network with other CISOs as this is a great way to share ideas and learn from each other. We’re often trying to solve the same problems – so it is always useful to find out what other people in similar environments are doing and what solutions have worked well for them. The whole idea is to get better together through collaborating and sharing as much as possible.
It is essential to evaluate how different solutions solve real-world problems. CISOs should always approach procurement from the point of view of what that solution will bring to their business specifically. This includes how it fits with the rest of their security architecture and processes, considering the impacts of implementing it, from management overhead and usability to process changes that may be required. Understanding the challenges your business faces enables you to safeguard your business against them in the best way possible.
Looking ahead: threat evolution over the next few years
By 2022, it is predicted that the total number of connected ‘Internet of Things’ sensors and devices is set to exceed 50 billion – this is an increase of 140%. While this will no doubt increase convenience and make life easier in many ways, this increased connectivity also multiplies the external touch points and risks faced by businesses.
It will be more important than ever to ensure that as more physical products such as pacemakers and connected cars move online, these devices and sensors remain secure and maintainable to close off the path for potential threats.
The importance of collaboration in cybersecurity
We need to continue collaborating; move beyond just sharing intel to really working together to improve security for all – many of us are solving the same issues so let’s do it together.
Our teams are critical; we need to continue building high-performing teams and work really hard to give your people great career progression.
It is also key to understand your business. This is fundamental to protecting it from any challenges or threats and helping the business to stay secure overall.