Return of the Guru

Industry’s ‘Dull’ Image May Actually Protect Against Some Breaches

Ara Trembly
Insurance Experts' Forum, July 6, 2011

For some time now, I and others have been warning the insurance industry that we are vulnerable to cyber-attack, and that such attacks could be disastrous to our reputation as a trusted, rock-solid backup to accident and loss.  Now, however, it appears that at least one segment of the hacking community is really just doing their break-and-enter act for entertainment.  If that’s so, then our industry has little to fear. 

According to an online posting from The StarPhoenix, the Internet vigilante hacker group Anonymous claimed to have broken into an Apple Inc. server and published a small number of usernames and passwords for one of the company’s websites.  Anonymous said on Sunday via its account on Twitter that Apple could be a target for hackers and released the data as part of its Anti Security, or “AntiSec,” campaign. 

Anonymous, says the posting, teamed up with the Lulz Security group of hackers late in June. LulzSec, which gained wide recognition for breaching the websites of Sony Corp, the Central Intelligence Agency and a British police unit among other targets, said it had accomplished its mission to disrupt corporate and government bodies for entertainment (italics mine).  

Why is this good news for insurance?  The answer is that if the purpose of these hacks is to entertain the perpetrators and their friends, there really isn’t too much mojo to be gained by cracking an insurance company.  Surely in the status hierarchy of these crackers (“malicious, annoying people who get cheap thrill out of cracking computer codes, and breaking into systems” according to HackAnonymous.com), it is much cooler to have messed with a federal government spy organization or a major entertainment corporation than it would be to crack into the servers of the good hands people or to chip off a piece of the rock. 

It is certainly no secret in our industry that outsiders view us with downright boredom, unless of course there is a claim involved.  By definition, a cyber-break-in achieves notoriety based to a great degree on the stature and entertainment value of the victim.  If I beat my 75-year-old arthritic accountant at tennis, you probably won’t be terribly impressed, but if I beat Roger Federer (just a fantasy, I assure you), that would undoubtedly boost my personal tennis stock.  So if you want to build a reputation as a top-of-the-line cyber-meddler, other industries than insurance would seem to be more appealing targets. 

But let’s not get carried away with these comforting thoughts.  There are still plenty of cyber-criminals out there who are doing their nefarious deeds for profit and profit only.  From that point of view, insurance is just as likely a target as any industry, especially because we deal with sensitive data and often financial information.  With that in mind, prior warnings about vulnerability are still very much viable, and defenses, both physical and policy-based, are advisable.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

 

 

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

The Good, The Bad and The Ugly Of Enterprise BI

When IT can't deliver, business users build their own applications focusing on agility, flexibility and reaction times.

The IT-Savvy 10%

IBM survey reveals best practices of IT leaders.

The Software-Defined Health Insurer: Radical But Realistic?

Can a tech startup digitally assemble the pieces of a comprehensive, employer-provided health plan?

Data Governance in Insurance Carriers

As the insurance industry moves into a more data-centric world, data governance becomes more critical for ensuring the data is consistent, reliable and usable for analysis.

Fear This

Just days before this Issue, which contains our security cover story, went to press, we got some interesting news: 1.2 billion unique usernames and passwords and 542 million email addresses were reportedly stolen from 420,000 websites, according to The New York Times. The websites ranged from Fortune 500 companies down to small online retailers.

Should You Back Up Enterprise Data to the Cloud?

Six questions that need to be asked before signing on with an outside service.