Business Continuity Management / Disaster Recovery , COVID-19 , Governance & Risk Management

Cybersecurity Prioritization in 2021: A CISO's View

Bobby Ford, CISO of Unilever, to Speak at ISMG London Summit
Cybersecurity Prioritization in 2021: A CISO's View
Bobby Ford, Global CISO, Unilever

Organizations worldwide need to make tough decisions when allocating scarce resources for data security in 2021 and beyond, says Bobby Ford, global CISO of consumer brands giant Unilever.

See Also: Live Expert Panel | Threat Detection & Incident Response for IoT

"Because we don't have this limitless budget, and because we don't have endless resources, we have to be able to be ruthless in our prioritization," says Ford, who will address this issue and others at Information Security Media Group's Virtual Cybersecurity and Fraud Summit: London on Oct. 20.

"You have to be mature enough to have conversations with your peers to say, 'OK, we've identified these eight or nine critical business activities, but there are 12 activities that are not critical. And I'm going to need some grace,'" Ford says.

The ISMG London virtual summit, which is free to attend, will feature a roster of experts sharing insights and in-depth analysis on the cybersecurity challenges posed by the COVID-19 pandemic and how enterprises are planning to support a remote workforce that will likely stretch into 2021 and beyond.

In addition to Ford, other featured speakers will include Jonathan Armstrong, attorney and partner at Cordery, who will speak on legal and compliance issues for European enterprises in the post-pandemic era; Jeremy King, international director at PCI Security Standards Council, who will speak on protecting payment card and personal data; and Randy Trzeciak, the director of the CERT Insider Threat Center at Carnegie Mellon University, who will address issues of payment card fraud and insider threats.

Starting the Conversation

Setting security priorities requires a clear understanding of critical business activities, Ford stresses.

"This is where we need to start the conversation on prioritization over what are the critical business activities that we're going to secure with the right stakeholders, and aligning on what we've identified is critical, and then putting our efforts and resources around that," Ford says.

One of the biggest challenges for Ford is overseeing security for a global organization that still relies on a host of legacy apps. By sticking to his philosophy of prioritization, Ford and his team can better manage these types of applications while ensuring that the rest of the company understands the risks involved.

"We definitely can't patch it, we may not be able to monitor it and we may not be able to push any type of EDR solution to it," Ford says of certain legacy apps. "So that pretty much leaves us with a huge blind spot. So again, we are having that conversation with the key stakeholders: 'How do you propose we tackle this blind spot?'"

Overcoming COVID Challenges

Ford continues to deal with the long-term implications of the remote workforce during the COVID-19 crisis and beyond. He and his team are working on providing technologies, such as endpoint detection and response and mobile device management, to help ensure security.

"I believe that there's a responsibility from the cyber perspective to enable the user to operate in a secure environment, regardless of if they're in the office, if they're in a coffee shop or they're in a hotel," Ford says.

About the Author

Akshaya Asokan

Akshaya Asokan

Former Senior Correspondent, ISMG

Asokan was senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.