Testimony of Bill Conner, President and CEO of Entrust
Before the Subcommittee on Communications and Technology
of the Energy and Commerce Committee
U.S. House of Representatives
Part 3
The Zone Defense
Sadly, the football season is officially over. However, it seems to me that cyber defense is much like playing defense in football — you don’t know what play the other team is calling, therefore, you need to defend against everyone. We first need to understand what offensive strategy we are up against. If the offense sees a hole in your front line, they will exploit it. If they see you are exposed in the secondary, they will attack there. And they will keep trying new angles until you react to shut down that vulnerability.
Cyber security is much the same way — businesses do not know how they will be attacked. They don’t know if the threat comes due to a download from an employee surfing the Web, via an attack from within, or from a virus that may have entered the system on an email. What we do know is, that to win, large government and private organizations of all sizes need to have a strategy to deal with the range of threats. If we wait until we are hacked, it’s too late.
Cybercriminals will search for that open door and if they find it, they will wreak havoc on data and possibly divert a company’s payments or IP to the bad guys. Consider the amount of time and money it takes a company that has lost all its data to a cyber-attack — not to mention the significant hit to the credibility they lose with their customers if a cybercriminal stole personal information.
Let’s be clear. What we face is a threatening cyber environment where warfare is being conducted by foreign governments, international crime rings and common thieves in the U.S. It takes everyone — government, major organizations, small businesses and individuals — working together to defeat those forces.
By Bill Conner