Blog

Virus Attacks: It’s Bad Out There and Getting Worse

Ara Trembly
Insurance Experts' Forum, December 10, 2009

My last blog entry about a particularly nasty virus attack on my business system prompted INN Editor-in-Chief Pat Speer to remark to me that things were getting pretty wild out there in cyberspace, and she could not be more correct. 

Virtually every Internet source I could find has documented increases in most kinds of malware over previous years, and predicted more doom and gloom for the years to come. But why should this be so? A whole new (and very profitable) industry has grown up around virus protection, and most of us are at least marginally aware that we need to do something to protect ourselves against intrusions, whether they be from disaffected pre-teens with nothing better to do, or from multi-national criminal syndicates who are making untold volumes of money by stealing information and often funneling the funds to terrorist organizations. 

Yet the problem continues to worsen and carriers, agents and brokers need to beware lest their customer data be compromised or stolen—a hellish nightmare in an industry that sells itself on trust. 

One reason this awful trend continues is that the bad guys and their products continue to be moving targets. Once upon a time, viruses were static pieces of software that, once recognized, could be easily dealt with. Today, however, malefactors don’t just build a virus program and keep using it, because once the virus is out there, software and security application vendors can get a look at it and develop a fix. Instead, just as with biological viruses, the bad guys continue to crank out mutations, or changes that will make the virus invisible to fixers and/or negate whatever efforts the good guys make to get rid of the offending apps. As a result, even though your anti-virus software will tell you that it has profiles on hundreds of thousands of viruses, it’s likely that the software doesn’t know about the newest variant just developed in Bulgaria, or some other far-flung place. 

Another reason is that the viruses themselves have been engineered to be more resistant to efforts to block or eliminate them. For example, the bug that attacked my systems kept hiding its own file names (or possibly changing them). Thus, tracking down the malicious files in order to delete and incinerate them became a true “cat and mouse game,” as Pat Speer called it. To make matters worse, it also did damage to one of my anti-virus programs, making it impossible for me to do a scan with that particular application. 

Yet another contributor to the increased success of malware attacks is that they are cleverly engineered to look like beneficial software. The malware that struck my system popped up out of nowhere and informed me that several evil-sounding bugs that posed a significant threat to my systems had infected my computer. The program used graphics that looked very much like Windows’ own security messages, and it is easy to imagine that many users would fall into the trap of downloading the “fix,” which is really more malware. 

I knew better, though; I wasn’t about to download any phony application. The problem, however, was that the virus went ahead and downloaded itself when I tried to close it out. When you think about it, there is virtually no way to defend yourself against such an attack short of sophisticated intrusion detection systems that are not widely installed. If experienced users can be victimized, how much worse will less seasoned users be hit? 

This is a losing battle, my friends, and unless the security industry steps up and starts marketing better intrusion and detection systems, it will only get worse. It could actually get to the point where larger enterprises will severely limit Internet access to a select number of computers or dumb terminals, which won’t be directly connected to the network. While that seems unthinkable given the way we do business in this day and age, we may in the end have no choice. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

IT Spending is Healthy, But Where's the Money Going?

IT leaders expect more money for cloud, virtualization and mobile — but no staff increases.

To Quantify or Not — That is the Question with Modernization

Making the quantitative case is a long-practiced ritual in many insurance organizations.

3 Reasons DevOps Matters

Every insurer needs to compete on products and information turned around in light-speed fashion.

Coordinate Coverages to Manage Social Media Exposures

The bottom line is that no one policy will cover all the exposures in the social media realm.

The Internet of Things: Helping Insurers Make Better-Informed Decisions about Risk

The IoT is a major game changer for the insurance industry, and will likely affect every part of the insurance value chain. After all, insurance is data-driven, and that’s exactly what the IoT can deliver—relevant, actionable, real-time data that can provide an accurate picture of what is being—or may be—insured.

Software-Defined Everything

What does it take to virtualize all the key components in your data center?

Advertisement

Advertisement