Return of the Guru

Mobile Devices, Social Networking Prime Hacker Targets

Ara Trembly
Insurance Experts' Forum, November 4, 2010

Hot on the heels of my recent posting on growth of portable technologies in the insurance enterprise, I came across a report that should give every insurance tech executive pause when it comes to such devices, and when it comes to allowing employees to access social networking from the corporate network. 

Science Daily reports that The Georgia Tech Information Security Center (GTISC), which focuses on information security research and education, announced the release of the GTISC Emerging Cyber Threats Report for 2011.  The report, released in October 2010, states that “an increase in the number of mobile and networked devices provides an enticing target for cyber criminals to steal data and thwart the functioning of systems in a variety of venues from hospitals to utility providers.”

For 2011, GTISC forecasts that mobile devices and social networking are among the top three threats to personal and business systems.  The report notes that, “As more open mobile device platforms grow in popularity and more applications become available, these devices will become more attractive targets of attacks. In addition, cyber criminals are using Twitter and Facebook accounts to lure users into handing over personal and sensitive information.”

Having tracked this particular trend for some time, the one thing that has become obvious to me is that things will not get any better any time soon.  Security for wireless and portable devices has been a major stumbling block since day one, and I have yet to see any significant progress in dealing with this challenge.  At the same time, usage and the number of available applications for such devices has been growing like a wildfire—and the chances of controlling the flow of sensitive information to the wrong places are about the same as putting out that wildfire with a single bucket of water. 

This is a battle we are clearly losing, yet we continue to rush headlong towards disaster by allowing risky points of access to our networks.  To be sure, we are pressured by employees who want to “stay connected” 24/7 via their own devices or through the famously porous social networking outlets.  We’re also feeling pressure from the technology industry itself, which tells us that the tide for portable devices and social networking is rising and there is nothing we can do about it. 

Well, the tide may indeed be rising, but does that mean that we have to be swamped by it instead of remaining afloat?  Clearly, the technology aspect of this problem is growing out of control, but it is in the human response that we may be able to save ourselves and our enterprises.  The time has come for responsible stewards of enterprises to severely restrict, if not prohibit, portable device use or social networking access that could serve as an entrée into the network. 

A number of objections will undoubtedly be raised.  People will call companies who actually formulate and enforce such policies “Luddites.”  And while it may be true that the restrictors are not on the cutting edge of technology, they will also not be on the bleeding edge of a security nightmare.  It is critical that we not lose sight of the fact that our business survives on the use of data and on the protection of sensitive data from unauthorized access. 

It might be really cool to roll a joint, fire up the smart phone, and commune electronically with our fellow moon beamers from our workplace desks, but the reality of the world is that we are not all part of the same benevolent community, electronic or otherwise. 

And, like it or not, reality is what we have to deal with each day. 

 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News. 

 

 

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Other Auto Insurance Telematics Shoe Drops

Progressive's decision to charge Snapshot drivers more if their driving data indicates higher risk has started the industry down a road of data-driven adverse selection.

Core Transformation – Configuring in the Rain

The whole point of core transformation is that changes at the micro level can be used as a stimulus for changes at the macro level.

6 Ways to Develop a Productive IT-Business Dialog

Relationship management 101 for keeping IT and business on the same page.

Unified Digital Strategy: Succeeding in the Digital Revolution

A unified digital strategy recognizes that all business strategies and technologies touch the customer in some way and that a one-size-fits-all channel model is obsolete.

Agile and Continuous Delivery in a Regulated Environment

Just because a development team is doing continuous delivery or packaging releases into two-week sprints doesnít mean that code is being moved to production.

Dealing with the COBOL Brain Drain

Documentation on aging systems often is akin to tribal knowledge, and the potential for things to go bump in the night increases as these environments face generational transition.