[ISN] Day 2 at Davos: Setting the Security Standard

From: InfoSec News (alerts@private)
Date: Wed Jan 24 2007 - 23:24:56 PST


By Ashok Vemuri
Wall Street & Technology: Blog
January 24, 2007

Not surprisingly, information and data security is one of the hotter 
topics in Davos among the attendees at the World Economic Forum. 
Logically, if there are regulators for the Internet, telecommunications 
and accounting, why dont we have a standards in place for information 
and data security?

Its Day 2 proper at the World Economic Forum, and a sea of lively 
debates is raging throughout the summit. Often, the informal 
conversations you have over coffee are far more valuable than the public 
forums, and one of the more interesting themes that came up amongst 
those I spoke to today was security. Ive attended several meetings since 
my arrival and been involved in a number of discussions with banking 
institutions and business executives about the threats theyre currently 

Phishing, phreaking and pharming are now everyday terms. They are the 
kind of attacks that are having a massive impact on customer confidence, 
driving the demand for some kind of security governing body. There is a 
definite feeling amongst delegates that trust is slowly dissolving 
amongst customers who are getting increasingly disillusioned about the 
safety of their information with their bank.

I had several fascinating statistics thrown at me in conversation. 
Whilst three years ago 90 percent of hacker attacks were benign with 
little dollar impact, 90 percent of hacking nowadays is malicious, 
designed to disrupt data or steal information. One of the newest 
concepts I heard about earlier was "data kidnapping"  where hackers 
break into business systems and block a company from using its data, 
effectively holding it to ransom. It's also sometimes known as 
ransomware when it encrypts a users hard drive and demands payment to 
unlock it.

This provoked fierce debate about accountability amongst many of my 
fellow delegates. If an online banking customer has his account details 
stolen and loses money, who is responsible? The bank or the customer? Is 
it the user for not keeping his identity secure, or is it the bank whose 
security may have been compromised? Doubtless, this is set to be the 
biggest driver behind the calls for regulation and standards with banks 
crying out for guidance from a governing body.

It makes sense: If we have regulators for the Internet, 
telecommunications and accounting, then shouldnt we have some standards 
in place for security? Institutions need someone to turn to so there is 
no doubt over with whom the responsibilities lie or what actions should 
be taken when a security breach happens.

Technology can be a great enabler in combating the security issues these 
businesses are facing, but it cant operate in isolation. The 
responsibility for security needs to be spread among multiple parties, 
and its down to regulators, vendors, banks and customers to put their 
shoulders to the wheel and fight this battle against cybercrime.

Im sure the security discussions will continue as this week goes on, but 
Ive noticed that, as anticipated, media coverage around Davos has so far 
been very much dominated by the issue of climate change. I have an 
Infosys breakfast debate at 7 tomorrow morning where Im sure green will 
return to the fore.


Ashok Vemuri, SVP and head of banking and capital markets for Infosys 
Technologies, is attending his first World Economic Forum. He will be 
blogging about his experiences and the role of technology in the 
financial markets throughout his stay in Davos.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Wed Jan 24 2007 - 23:31:18 PST