CISOs' Pandemic Challenge: More Disruption, Less BudgetEY's Kris Lovejoy on Ransomware, Privacy and the Opportunity to Streamline
The ongoing COVID-19 pandemic has driven unprecedented adoption of cloud services, digital transformation campaigns and a rush to support remote workers. But it's come at a cost, says Kris Lovejoy, EY Global Consulting's cybersecurity leader.
Before the pandemic began, "what we as cyber folks were not particular good at was convincing business leaders to incorporate security into new digital initiatives," Lovejoy says. "As a result, lots of technology gets rolled out without a seatbelt, if you will."
In many cases, the pandemic has only intensified the problem. Indeed, following the outbreak, "for existential reasons, about 50% of the world introduced new technologies to enable them to communicate with customers in different ways as well as to allow for work from home, and of those, about 60% rolled out the new technology with no security," Lovejoy says. "The impact is we have a lot of security-related events, ransomware in particular," as well as a surge in disruptive events, "and then we're also seeing is budgets being cut back."
In this video interview with Information Security Media Group, Lovejoy discusses:
- Undercounting the impact of ransomware: Many attacks are not "reportable" events and thus not being publicly disclosed by victims;
- Top privacy challenges, from regulatory, business and consumer perspectives;
- The unique opportunity afforded by COVID-19 "to really streamline the controls infrastructure."
A cybersecurity, risk, compliance and governance expert, Lovejoy leads EY Global Consulting Cybersecurity services. She regularly keynotes at RSA, InfoSec and Security World conferences. Prior to joining EY, she was CEO of AI-driven network security company BluVector - until it was acquired last year by Comcast - and head of the business unit at defense contractor Northrop Grumman, from which the firm was spun out. Previously, Lovejoy served as president of Acuity Solutions, general manager of IBM's security services division, and CISO of IBM.