I believe that the state of global information security efforts is dismal. Cybercrime, fraud, corporate espionage and threats to critical infrastructure are escalating at a record pace, and we can all count on the fact that things are certain to become much worse over this decade. Most often, the conversations surrounding the expansion of information technology are focused on access, censorship, and commercial viability. The advent of the Internet is often compared to that of the development of national electrical grid or telephone communications systems in the early twentieth century.

Yes, every effort needs to be made to enhance DLP, but the focus of information security – our combat strategy – needs to make a fundamental shift away from the notion that we can really keep the bad guys out. The new paradigm for information security needs to centre around resiliency, which consists of three basic elements:  detection, isolation, and mitigation for the sake of continuity of operations.

Much can be learned from the evolution of physical security efforts and applied to the cyber realm. DLP is the fence, and is vital for a comprehensive strategy – but fences have long demonstrated their inability to keep out all who would seek trespass. Throw in some electronic surveillance for the purpose of detection, some automated lock down mechanisms on all access points to ensure isolation, and a half dozen security guards with nightsticks to rush in and mitigate the situation by pummeling the intruder, and you have the makings of a quality physical security protocol.

Data breaches are like the common cold – we can all be assured of the fact we will suffer one sooner or later, and with varying degrees of severity. With that fact in mind, would you rather have a medicine cabinet full of products that claim to prevent an infection, or one full of products that ease the impact of an infection by relieving the symptoms so you can get on with your day?  I choose the latter.