Information security

Feb 1, 2005 12:00 PM
by Lance Hayden, Guest columnist

Working as an intelligence officer taught me a lot about the value of information. I learned that information owners are usually not the ones who assign value to their information. An owner might think she knows what her information is worth. She might even be right. But invariably, information is subject to market forces like everything else; and in the market for information, those seeking it determine the value.

Working as a network security professional reinforced these lessons and showed me how broad the principle is. Organizations understand that they must protect data assets such as research plans, financial reports and private data. Yet that organization may not adequately protect network resources for technical or budgetary reasons. The organization may not even believe the information on the network is worth anything to anyone.

The problem is a lack of education on the nature of information and of security threats. Information is not discrete, as much as we like to pretend it is. Information is a process by which more and more of a thing is revealed. The weak password or executed e-mail attachment leads to a low-level breach, which leads to access to other resources, many of which have other vulnerabilities. Many of the worst security incidents begin small.

Most of us who follow the rules and live moral lives have a hard time entering the mind of the criminal who seeks to do us harm. We may be correct that there is nothing of interest on our system, from a data perspective. But to the proficient hacker, the system itself is a resource and can be turned into the platform from which further attacks are launched. The goal the hacker seeks is to mislead about the real perpetrator — namely us and not him.

Today's networked environment is growing at a phenomenal rate, with new technologies such as wireless networking promising to radically change the ways we use networks. But the dark side has kept pace as well, and hackers, worms, identity theft and cyber-terrorism are more dangerous today than ever.

Our networks are integrating with our lives: Economies, infrastructures and services are becoming increasingly dependent upon information technologies and networks. A risk to one becomes a risk to the other. This makes information security more than simply a “techie” issue. We all have a responsibility to make sure that our families, friends and fellow citizens do not suffer hurt and loss because of our actions or our failure to act.

Increasingly, security and privacy breaches reflect as badly on the businesses, technology companies and organizations that experience them as they do on the hackers themselves.

If the security of our networks is going to improve, we must all take a personal and professional interest in making such security a priority. As individuals, we should make sure that our home systems are protected, we are careful with our information online, and we educate ourselves on the risks of the Internet. As professionals, we should adopt a policy of first thinking and acting locally to ensure the safety of our networks and the information they carry. Get involved to effect a change.

The simple fact is that one incident can cost a company millions of dollars. Most of us would not drive recklessly, do our jobs in a deliberately negligent way, or knowingly compromise the safety of those we care about. Why should the way we view our information and networks be any different?

Lance Hayden is a consultant based in Austin, TX, and an academic at the University of Texas, working in the area of information security.