From: InfoSec News (alertsinfosecnews.org)
Date: Thu Jan 25 2007 - 01:24:56 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.wallstreetandtech.com/blog/archives/2007/01/day_2_at_davos.html

By Ashok Vemuri
Wall Street & Technology: Blog
January 24, 2007

Not surprisingly, information and data security is one of the hotter
topics in Davos among the attendees at the World Economic Forum.
Logically, if there are regulators for the Internet, telecommunications
and accounting, why dont we have a standards in place for information
and data security?

Its Day 2 proper at the World Economic Forum, and a sea of lively
debates is raging throughout the summit. Often, the informal
conversations you have over coffee are far more valuable than the public
forums, and one of the more interesting themes that came up amongst
those I spoke to today was security. Ive attended several meetings since
my arrival and been involved in a number of discussions with banking
institutions and business executives about the threats theyre currently
facing.

Phishing, phreaking and pharming are now everyday terms. They are the
kind of attacks that are having a massive impact on customer confidence,
driving the demand for some kind of security governing body. There is a
definite feeling amongst delegates that trust is slowly dissolving
amongst customers who are getting increasingly disillusioned about the
safety of their information with their bank.

I had several fascinating statistics thrown at me in conversation.
Whilst three years ago 90 percent of hacker attacks were benign with
little dollar impact, 90 percent of hacking nowadays is malicious,
designed to disrupt data or steal information. One of the newest
concepts I heard about earlier was "data kidnapping" where hackers
break into business systems and block a company from using its data,
effectively holding it to ransom. It's also sometimes known as
ransomware when it encrypts a users hard drive and demands payment to
unlock it.

This provoked fierce debate about accountability amongst many of my
fellow delegates. If an online banking customer has his account details
stolen and loses money, who is responsible? The bank or the customer? Is
it the user for not keeping his identity secure, or is it the bank whose
security may have been compromised? Doubtless, this is set to be the
biggest driver behind the calls for regulation and standards with banks
crying out for guidance from a governing body.

It makes sense: If we have regulators for the Internet,
telecommunications and accounting, then shouldnt we have some standards
in place for security? Institutions need someone to turn to so there is
no doubt over with whom the responsibilities lie or what actions should
be taken when a security breach happens.

Technology can be a great enabler in combating the security issues these
businesses are facing, but it cant operate in isolation. The
responsibility for security needs to be spread among multiple parties,
and its down to regulators, vendors, banks and customers to put their
shoulders to the wheel and fight this battle against cybercrime.

Im sure the security discussions will continue as this week goes on, but
Ive noticed that, as anticipated, media coverage around Davos has so far
been very much dominated by the issue of climate change. I have an
Infosys breakfast debate at 7 tomorrow morning where Im sure green will
return to the fore.

-=-

Ashok Vemuri, SVP and head of banking and capital markets for Infosys
Technologies, is attending his first World Economic Forum. He will be
blogging about his experiences and the role of technology in the
financial markets throughout his stay in Davos.

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]