Hackers Keep On Trying To Breach Insurers Security
While the insurance industry seems to have dodged a bullet in not having major Web sites or networks successfully broken into by hackers, security managers at Mutual of Omaha report that the companys network has been the target of numerous attempted attacks.
“Imagine the eyebrows of our CEO when I reported to him that in one weeks time we had 190 Code Red worm attempts on our network,” said Steven J. Clauson, director of system security for the Omaha, Neb.-based insurer.
Code Red is a virus that is said to have infected more than 250,000 systems worldwide in a 9-hour time span in July of this year. The “worm” installs a “backdoor” in infected systems that leaves the systems open to invasion by hackers.
“Every day, we see between 10 and 20 serious-risk hacker attacks against our network,” Clauson added. His comments came during a session on Information Security in the Financial Services Industry at the LOMA Emerging Technology Conference held here.
Clauson cited a survey of 500 companiesdone by the Computer Security Institute and the FBIwhich stated that viruses alone had cost these companies $150 million over the course of a year.
The tools and technologies used to fight such attacks, said Clauson, include biometrics, encrypting files, antivirus software, firewalls, encrypting log-ins, physical security and intrusion detection.
The use of encryption–the encoding of files so that they can only be read by authorized individuals–is growing in insurance circles, said Clauson. “Theres a lot of information sitting on legacy systems,” he noted. “People are going to break into your systems, whether they be hackers or internal employees.”
Intrusion detection–a technology that senses unauthorized system intrusions and sends out a warning–”is really starting to explode,” Clauson reported. In the past, intrusion detection meant simply monitoring and reporting on activity on a networks firewall. Today, however, “thats not good enough,” he said. Intrusion detection also extends within the organization to detect potentially threatening activities.
When it comes to sources of attacks, “it used to be that everyone would tell you that your greatest threat comes from inside [your company],” Clauson observed. This year, for the first time, that is no longer the case, he said. The most prevalent threat is the independent hacker.
The primary avenue of attack, he added, is via the Internet.
Clauson asserted that “the biggest impact” on the insurance industry of such attacks, if successful, would be “loss of trust.” It would take only one such “hack,” he said, to compromise that trust. “People are depending on us to protect their information, to secure it and to make sure it doesnt become public.”
Why do hackers do what they do? Clauson played part of a 60 Minutes interview with alleged high-profile hacker Kevin Mitnick, who was said to have broken into the systems of more than 35 major corporations and other organizations, causing an estimated $300 million in damages. Mitnick, who was eventually caught and convicted, was recently released from prison. In the interview, he described his hacking activities as “a hobby.”