GAC: Cybersecurity is everyone's responsibility, Ridge says
WASHINGTON (3/12/15)--The digital sun will never set, and we will live in the digital age forevermore, said former Pennsylvania Gov. Tom Ridge at CUNA's Governmental Affairs Conference Wednesday. This means the threat of cybercrime will forever be present.
Ridge, the first head of the U.S. Department of Homeland Security and the last keynote speaker at this year's GAC, spoke about the digital age and its many advantages and pitfalls.
Given the massive space the Internet occupies, and given the increasing number of cyberattacks and cybercriminals that populate that space, he informed the room full of credit union leaders that the reality is that cybercrime will permanently be an issue.
"These digital trespassers are motivated, they are resourceful, they are focused and unfortunately many of them are extremely well-financed," Ridge said, adding, "Cyber soldiers are asymmetric fighters. They eschew traditional battlefield strategy and tactics. They camouflage their identity and their activity, and it's easily done in the vast, open and often undefended spaces of the Internet."
Ridge also expressed his belief that the government moves far too slowly for the public and for businesses to rely on it for protection from cybercriminals.
Instead, the former Homeland Security chief said, people and organizations such as credit unions--even if they're small in size--must take it upon themselves to protect their members and their members' data.
He also said that he "tipped his hat" to CUNA for recognizing credit unions that have taken advanced measures in data security recently through the CUNA Technology Council's Best in Show awards.
"The ultimate responsibility to protect the company, to protect a credit union, to protect your digital ecosystem, is going to really depend on you and the kind of resources and investment and attention that financial services pays to it," Ridge said.
"At the end of the day I think everybody has a responsibility to provide some minimum level of assurance within their company to their employees, their shareholders, to their members," he added. "That they've taken minimum steps to reduce the risk of a breach and the extraction of information."