Not surprisingly, information and data security is one of the hotter topics in Davos among the attendees at the World Economic Forum. Logically, if there are regulators for the Internet, telecommunications and accounting, why don't we have a standards in place for information and data security?It's Day 2 proper at the World Economic Forum, and a sea of lively debates is raging throughout the summit. Often, the informal conversations you have over coffee are far more valuable than the public forums, and one of the more interesting themes that came up amongst those I spoke to today was security. I've attended several meetings since my arrival and been involved in a number of discussions with banking institutions and business executives about the threats they're currently facing.
Phishing, phreaking and pharming are now everyday terms. They are the kind of attacks that are having a massive impact on customer confidence, driving the demand for some kind of security governing body. There is a definite feeling amongst delegates that trust is slowly dissolving amongst customers who are getting increasingly disillusioned about the safety of their information with their bank.
I had several fascinating statistics thrown at me in conversation. Whilst three years ago 90 percent of hacker attacks were benign with little dollar impact, 90 percent of hacking nowadays is malicious, designed to disrupt data or steal information. One of the newest concepts I heard about earlier was "data kidnapping" - where hackers break into business systems and block a company from using its data, effectively holding it to ransom. It's also sometimes known as ransomware when it encrypts a user's hard drive and demands payment to unlock it.
This provoked fierce debate about accountability amongst many of my fellow delegates. If an online banking customer has his account details stolen and loses money, who is responsible? The bank or the customer? Is it the user for not keeping his identity secure, or is it the bank whose security may have been compromised? Doubtless, this is set to be the biggest driver behind the calls for regulation and standards with banks crying out for guidance from a governing body.
It makes sense: If we have regulators for the Internet, telecommunications and accounting, then shouldn't we have some standards in place for security? Institutions need someone to turn to so there is no doubt over with whom the responsibilities lie or what actions should be taken when a security breach happens.
Technology can be a great enabler in combating the security issues these businesses are facing, but it can't operate in isolation. The responsibility for security needs to be spread among multiple parties, and it's down to regulators, vendors, banks and customers to put their shoulders to the wheel and fight this battle against cybercrime.
I'm sure the security discussions will continue as this week goes on, but I've noticed that, as anticipated, media coverage around Davos has so far been very much dominated by the issue of climate change. I have an Infosys breakfast debate at 7 tomorrow morning where I'm sure green will return to the fore.
Ashok Vemuri, SVP and head of banking and capital markets for Infosys Technologies, is attending his first World Economic Forum. He will be blogging about his experiences and the role of technology in the financial markets throughout his stay in Davos. Not surpisingly, information and data security is one of the hotter topics in Davos among the attendees at the World Economic Forum. Logically, if there are regulators for the Internet, telecommunications and accounting, why don't we have a standards in place for information and data security? Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio