Unilever CISO Hopes to Build Elite Cyber Security Force

Bobby Ford, Unilever's vice president and global CISO. Photo: Gilad Kavalerchik

 

The multinational company is implementing measures to develop resilience and active cyber defenses around the globe, senior executive Bobby Ford said. He emphasized the importance of addressing the company's biggest risks and advocated the development of a strategic cyber security workforce.

Cyber security is a key priority in the operations of Unilever, one of the largest global consumer goods companies.

As part of its strategy, the giant company is identifying online risks, deploying protective technologies and raising cyber awareness among its employees, a top executive said on January 29 at the Cybertech Global 2020 conference.   

"Our goal is to create a safe and secure operating environment regardless of where we're operating," said Bobby Ford, Unilever's vice president and global CISO. "We have 170,000 employees all over the world in about 190 countries."

The multinational company has a vast portfolio of several hundred brands such as Lipton tea, Dove soap, Knorr soups, Hellmann's sauces and Ben & Jerry's ice cream. Ford said Unilever is the number one manufacturer of soup, soap, ice cream and tea.

In a fireside chat with moderator Yossi Vardi, chairman of the Cybertech conference, Ford said he was introduced to information security during his service in the military.

"My approach has always been exactly the same. The first approach is I want to know what the organization is doing. I want to understand at a foundational and fundamental level what the organization is doing. What's at the top of its mind, what's strategic, what are the priorities."

"Then once I know what the organization is doing, I want to know what the adversary is doing. Because I want to make sure that I have plans in place and strategies in place that address what the adversary is doing."

"I also want to know what my peers are doing because I don't know it all, I can't do it all. And so I want to make sure that I have great relationships. Again, one of the great drivers for me having all of the visits that I've had to Israel is knowing what my peers are doing," said the CISO. "I mean my peers in the information security cyber domain."

The company is training its employees to be aware of cyber risks, he said. "We try to make sure that we explain it in layman's terms. Make sure that we explain it in a basic way that's easily understood. But more importantly than that we want to make sure that we have controls in place."

Ford pointed out that although employees have the responsibility to recognize some things, they can't recognize all the risks they face. "So we have to make sure that we deploy the right kind of technologies to protect them even when they don't know they're being protected."

He emphasized that it is important to prioritize the company's biggest risks, identify its riskiest users, and then focus on addressing them. "I think one of the challenges we have in cyberspace is that we think we can do everything. And we simply cannot."

"If you do nothing else, prioritize," he said.

As to whether management is being careful enough regarding the threat of hackers, he said security professionals have an obligation to explain it to management. "I always say if they don't understand, it's because you didn't explain it. So you have a responsibility to make sure that you explain it in terms." 

"As security professionals, we have to accept the responsibility that no matter what happens, we'll be blamed. And so if you're not comfortable being blamed, I would say do something else outside of operations. Because regardless, you will be blamed."

In addition, he said he was not sure that Unilever would develop a huge cyber workforce despite the company's global scale and the exponential growth in demand for human resources worldwide.

"In the kind of journey that we're on, I want to automate as much as possible and then have the cyber security experts that are in-house focus on cyber security. So I want a very elite, strategic group of individuals," akin to special forces, rather than a massive workforce, he said, adding that such a group would enable the company to be strategic and more agile in cyber.