Last year we saw the beginning of a change in attitude to information security, with a growing realisation that highly sophisticated attacks (such as Stuxnet) can and do happen. The threat is now taken much more seriously and new actions are being taken, at least by government. That’s a useful step forward. But neither government nor industry appears to have grasped the broader implications of the changes introduced by the information age, of which threats are just one component.
More significantly for security is the inevitable shift in behaviour towards information management. We are entering an age when the value of intellectual assets resides much more in exploitation than possession. Or, as Alvin Toffler put it several decades ago, it’s the information flows – not stocks – that really count. This trend is regularly accelerated by step changes in the ease of information sharing.
That’s why attempts to stamp out leaks are mostly doomed to failure, as illustrated by the recent leak of a US government strategy to prevent leaks. The proposed solution is far too weak to tackle the growing problem space. Instead, we need to rethink our philosophy towards information management. The key to the future is openness and trust, not secrecy and caution.