GO
Loading...

WEF braces for the “other” security threat: Hacker attacks

Every January about 2,500 attendees flock to the World Economic Forum in Davos-Klosters, Switzerland—a country known for its mountains, banks, chocolates and watches—to explore the trends and opportunities pushing global, regional and industry transformation. As expected, the participants are greeted with beautiful scenery, lots of snow, friendly locals—and, of course, a plethora of security. The reason: Among those participating are some of the world's most influential business, political, and intellectual leaders of our time.

From snipers on rooftops to checkpoints run by the Swiss Army, security is taken extremely seriously in and around this small town of just 11,000 residents. And according to Edward Stroz, the executive chairman of Stroz Friedberg—a firm based in New York City that offers global solutions and services to address investigative, intelligence and risk-management challenges—it needs to be. The former FBI agent told CNBC that this annual five-day global meeting is a prime target.

"Anytime you have the chance to answer the questions of who, when, where, why and how, you give an adversary or any kind of threat agent an advantage." At the World Economic Forum all of those factors are in place, he said, from the central location, to the time, to the list of attendees. Stroz, however, warned: One of the biggest risks may be what most people won't expect—one that, despite all of the visible security, may be difficult to prevent.

(Read more: A-List names in Davos 2013)

Laptops at the World Economic Forum in Davos, Switzerland.
Simon Dawson | Bloomberg | Getty Images
Laptops at the World Economic Forum in Davos, Switzerland.

A very real, viable threat

Stroz, unfortunately, is referring to threats to information—emails, computer files and phone calls—all of which he believes could be at risk in any type of large gathering of this sort. "I think that all of the security that you see is part of a comfort level, but it can be a step in a direction that doesn't take you as far as you think it is taking you in regards to your information security," said Stroz.

(Read more: The next big hacker target? Your cell phone)

The threat to information security is a very real and weighty issue for the World Economic Forum, and members of the international organization have been proactively taking measures to deal with the problem.

In a statement to CNBC, a WEF spokesperson wrote: "The World Economic Forum takes information security seriously. We look at it from various angles ranging from our reports drawing attention to it as a major area of global business risk to an operational level. We employ encryption technologies where required, and subject ourselves to external and internal audits. We train our staff regularly and engage in continuous monitoring of our networks and assets. During the Annual Meeting we invest considerably to create a secure IT environment with respect to the devices, networks or systems, which we provide and control ourselves. When it comes to personal or professional devices (smartphones, tablets which participants bring to our meeting), we help to ensure that they are able to access our mobile and web applications securely, and that the underlying data is protected using current security measures."

But Stroz believes that data hackers have sophisticated means to work around many systems, so you should never let your guard down. "If somebody wanted to copy your electronic files or inject some kind of malware onto your computer, some of the alarms, guards and locks you see are probably not a suitable approach to protect your information security, and it's at that level that I believe people need to have their radar on and make sure they don't get sloppy because the physical security is there."

"Bring a secondary phone, one with less vital information on it, so if it is compromised in any way, criminals have access to less of your information." -Edward Stroz, former FBI agent and founder of security consultant firm Stroz Friedberg

In fact, you know those small USB flash drives that are often handed out like candy at conferences and events around the world? Stroz cautioned that even these little data-storage devices could pose a threat. "If someone gives you a thumb drive, it is possible that there is code on [it] that is going to be loaded into your device and could have unintended consequences."

If you think that sounds crazy, just last year unconfirmed reports surfaced out of the G20 summit in Russia that participants were given thumb drives bugged by the Kremlin. It is something Russia denies, but nevertheless, it doesn't hurt to be extra cautious, Stroz said, adding, "Think of it as a syringe or a needle. You wouldn't just put a needle into your arm unless it was sterile and the fluid would help and not hurt you."

Still, Stroz understands that people who attend events like this need to get work done. That means using their smartphones, computers and other electronic devices to transmit data. So rather than suggest attendees opt out of using their electronic devices, he offers advice on how to limit risk.

(Read more: We got 'sucker-punched in cyberspace')

Gearing up by gearing down

"The kind of device you take with you should be something that is minimized in terms of the files," he said. "Instead of taking your laptop that has everything on it, perhaps you take something that just has the bare essentials."

Even for smartphones, he suggested bringing a secondary phone, one with less vital information on it, so if it is compromised in any way, criminals have access to less of your information. He also recommends turning your phone off while in confidential meetings or to turn your devices to airplane mode. This way, you prevent someone from remotely accessing your phone or tablet computer and activating the camera and microphone.

"If you can take a different phone with you and leave ... things behind, then you are probably finding best practices. In some countries we advise people to buy a temporary phone," Stroz said. "But what you need to think is, How likely are you to be compromised, and how badly could it hurt you?" If you think you're in the clear long after you check out of your hotel room and head toward your gate of departure, think again, Stroz said. Once back in the office, you should have your company's IT department scan your computer or phone to make sure it is free of any potential viruses that could have been installed unwittingly.

—By CNBC's Justin Solomon. Follow him on Twitter @JsolomonCNBC.

Videos

Latest Special Reports