Kirk: Scotty, do something! I need more power, now!
Scotty: I canna change the laws of physics!
Kirk: Anyone know how to say “Can’t we all just get along?” in Klingonese?
(The ENTERPRISE explodes in a massive thermonuclear fireball.)
This is the situation we find ourselves in with regard to systems protection in an age of massive hacking and cyber-crime. Enemies are lining up to make war on our systems, but our defenses are hardly adequate to rebuff even the weakest attacks.
Certainly, the current economic climate has caused many businesses to be more cautious in their spending. The fact remains, however, that being penny-wise and pound-foolish with regard to systems security could indeed bring about the collapse of businesses–particularly those with a strong Internet presence.
Why would insurance companies, financial services companies, agents and others in this industry bury their figurative heads in the sand when it comes to security? Two thoughts come to mind.
First, there’s the traditional reluctance of the insurance industry in particular to embrace technology of any kind. While many in this industry resent that characterization, few would dispute it. In fact, when I first came from the technology sector to start reporting on the insurance industry and told a group of agents that insurance was two years behind the curve on technology, I was interrupted by an audience member who insisted: “No, we’re five years behind!” I rest my case.
Second, there’s a definite feeling among non-IT folks that cyber-crime “can’t happen to us.” Indeed, the high-profile hacking incidents have not, for the most part, been in the insurance and financial services industries.
Privately, however, insurers have admitted being the targets of such attacks. They may not be talking about it, but they are hardly immune from the dangers of hacking and cyber-espionage.
And the attacks that affect us need not be aimed directly at our own systems. There was a report last year that a group had hacked into the World Economic Forum’s Web site and stolen the credit card numbers of Bill Clinton, Bill Gates and Yasser Arafat, among others. As systems become increasingly interconnected across industries, the dangers grow exponentially.
So, apart from the obvious solution of spending more on security initiatives and products, what can we do to raise our shields against attack?
Virus protection, while sometimes effective, is obviously far from adequate when it comes to protecting systems. Such software requires frequent updating, and even then, it is a nearly hopeless task to keep up with the hundreds of new viruses being created every year.
We still recommend the diligent use of virus protection applications, but don’t stop there. Firewalls and intrusion detection systems also offer an effective line of defense, with such applications improving in effectiveness over time.
The key, however, lies not with technology, but with better human resources practices. The majority of systems attacks still come from within companies, rather than from external hackers. Disgruntled employees, in particular, represent a significant threat, especially if those employees have access to your system passwords.
Human resources professionals need to be much more careful in checking references and employment histories. Businesses also need to take advantage of software solutions that enable them to track the activities of all authorized users.
Finally, businesses would be well advised to establish solid Internet usage guidelines that, among other things, restrict personal use of functions such as e-mail and instant messaging. Many of the viruses that enter computer systems gain entry via online communications.
Is this kind of attention to security an overreaction? No more so than Star Fleet getting those crystals quickly delivered to the Enterprise.
There’s nothing quite as reassuring as hearing: “Shields at 100%.”
Reproduced from National Underwriter Life & Health/Financial Services Edition, April 15, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved. Copyright in this article as an independent work may be held by the author.