In the wake of rising tensions and high-profile cyber incidents like the Salt Typhoon hack, there's been intense debate about "offensive cybersecurity." Some legislators are calling for the U.S. to actively engage with adversaries like China in the cyber realm, via targeted sanctions and increased pursuit and punishment of bad actors.
Whether or not the U.S. takes a more aggressive posture toward state-sponsored cybercriminals remains to be seen, but it begs a larger question. What if we've been fundamentally misunderstanding "offense" in the digital age?
When lawmakers like Congressman Mike Waltz argue that the US needs to "go on offense" with cybersecurity, they’re talking about hitting back at the enemy, or in the case of the Salt Typhoon hack, “returning fire” and enforcing consequences for bad actors.
But, just as playing offense can look wildly different depending on the sport (punching back at an opponent in a boxing match versus scoring a 3-pointer in basketball), there is a lot of nuance in how we can define “offense” in cybersecurity.
At Virtru, we see offensive security differently than most — and potentially much more powerfully. From our perspective, going on offense means creating a comprehensive ecosystem of digital protection that anticipates, adapts, and empowers information sharing.
True offensive security isn't about launching digital missiles. It's about putting points on the board: allowing our data to move and provide value without compromising its security. Offensive security should enable streamlined collaboration, break down information silos, and proactively protect data in a way that allows both public- and private-sector entities to improve their efficiency and, ultimately, their bottom line.
Our approach to offensive security is simple: Give organizations the tools to share sensitive data with confidence, speed, and precision.
So what does that look like?
The traditional, perimeter-based cybersecurity model is reactive: Build walls, patch vulnerabilities, respond to breaches. Make no mistake, these measures are critical. But we can’t continue to only play one side of the game. As Jason Steer, CISO of Recorded Future, said so well, “We focus so much on EDR, time to detect, time to respond, that we’re not focused on the right things anymore. We can’t focus on mean time to detect, mean time to respond anymore. They’re important, but equally as important is just better controlling access to what is low, medium, high-risk data now.”
Imagine a world where:
By creating more secure, more intelligent ways of sharing data, we:
The most powerful offensive strategy isn't about retaliation. It's about creating such robust, intelligent data protection practices that potential adversaries are rendered ineffective before they can act.
At Virtru, we believe offensive security is for everyone — from the federal government and the intelligence community, to the small rural doctor’s office and the public school system. We make it easy and accessible to go on offense with your data, shielding it from bad actors while empowering collaboration.
It's time to redefine offense — not as an act of aggression, but as an act of empowerment.