CEO Ellison Anne Williams talks nation-state threats and encryption with CSO Online
When nation-state attackers are going after sensitive information, such as intellectual property, devaluating that information can be effective, says Ellison Anne Williams, founder and CEO at Enveil, who spent 12 years as a researcher for the NSA. That means encryption, she clarifies. "Take what they're going to try to steal, and make it useless to them," she says.
Companies typically focus on encrypting information with commercial value, such as credit card and social security numbers. Nation-states, however, may be looking for information about industrial processes, business deals of strategic importance, or even embarrassing personal information that can be used for blackmail or disruption. This kind of information may be less well protected, not protected at all, or even shared with small service providers without good security processes in place.
Williams could not comment on the specifics of her work at the NSA, but did say that, despite movies and TV, encryption does work. "If you use good secure, encryption, it's difficult to break no matter who you are," she says. "Images of teenagers breaking real encryption are just fantasy."
When encryption does fail, it's usually due to problems with implementation and configuration, she added. "You have to make sure it's configured correctly, using the appropriate bit level of security, and are monitoring it," she says.
Read the full article.