Cybersecurity Prioritization in 2021: A CISO's View
Bobby Ford, CISO of Unilever, to Speak at ISMG London Summit
Organizations worldwide need to make tough decisions when allocating scarce resources for data security in 2021 and beyond, says Bobby Ford, global CISO of consumer brands giant Unilever.
"Because we don't have this limitless budget, and because we don't have endless resources, we have to be able to be ruthless in our prioritization," says Ford, who will address this issue and others at Information Security Media Group's Virtual Cybersecurity and Fraud Summit: London on Oct. 20.
"You have to be mature enough to have conversations with your peers to say, 'OK, we've identified these eight or nine critical business activities, but there are 12 activities that are not critical. And I'm going to need some grace,'" Ford says.
The ISMG London virtual summit, which is free to attend, will feature a roster of experts sharing insights and in-depth analysis on the cybersecurity challenges posed by the COVID-19 pandemic and how enterprises are planning to support a remote workforce that will likely stretch into 2021 and beyond.
In addition to Ford, other featured speakers will include Jonathan Armstrong, attorney and partner at Cordery, who will speak on legal and compliance issues for European enterprises in the post-pandemic era; Jeremy King, international director at PCI Security Standards Council, who will speak on protecting payment card and personal data; and Randy Trzeciak, the director of the CERT Insider Threat Center at Carnegie Mellon University, who will address issues of payment card fraud and insider threats.
Starting the Conversation
Setting security priorities requires a clear understanding of critical business activities, Ford stresses.
"This is where we need to start the conversation on prioritization over what are the critical business activities that we're going to secure with the right stakeholders, and aligning on what we've identified is critical, and then putting our efforts and resources around that," Ford says.
One of the biggest challenges for Ford is overseeing security for a global organization that still relies on a host of legacy apps. By sticking to his philosophy of prioritization, Ford and his team can better manage these types of applications while ensuring that the rest of the company understands the risks involved.
"We definitely can't patch it, we may not be able to monitor it and we may not be able to push any type of EDR solution to it," Ford says of certain legacy apps. "So that pretty much leaves us with a huge blind spot. So again, we are having that conversation with the key stakeholders: 'How do you propose we tackle this blind spot?'"
Overcoming COVID Challenges
Ford continues to deal with the long-term implications of the remote workforce during the COVID-19 crisis and beyond. He and his team are working on providing technologies, such as endpoint detection and response and mobile device management, to help ensure security.
"I believe that there's a responsibility from the cyber perspective to enable the user to operate in a secure environment, regardless of if they're in the office, if they're in a coffee shop or they're in a hotel," Ford says.