Painting a nightmarish picture of escalating data leakage and uncontrollable malware levels, Thompson said that now was the time for corporations to rethink their approach to security.
“If growth of malicious software continues to grow at its current rate then techniques like white listing will become much more critical,” he said.
“We need to fundamentally shift to an information-based approach to security. Trying to protect all data is pointless. We need to move to protecting only critical data and we need to look at how data is being used,” he told a packed main hall at the RSA Conference, being held this week in San Francisco.
Thompson also said that it was time that all business leaders were involved in setting security policies. “The CEOs, CFOs – executive involvement is crucial to building a culture of security in the workplace,” he said.
Appealing to the audience, he stated: “It’s time to make decisions. It’s time to forge the relationship with the business leaders. Security is now everyone’s job, not just the IT department”.
Thompson said that he believed it would take five to ten years for systems to emerge that married security and information in a holistic way. But he was openly critical of vendors that persisted in delivering endpoint and network security solutions. “There are still those who cannot see the future – we need a society in which the value of information is understood by all,” he said. “What’s needed is a broad set of solutions that can enable an information-centric approach to security”.
In the same speech Thompson made a plea for a national data breach law in the United States. He said: “It’s completely impractical for forty states to have separate privacy laws. We need also to recognise that the problems are the same from state to state and country to country”.