The Human Operating System is 100 Percent Vulnerable
Bryant G. Tow | June 02, 2014
Cyber-attacks are through the roof. Numbers from the FBI, Verizon Breach Report, the Ponemon Institute and nearly every industry source all agree the number of attacks is dramatically increasing. We’ve all read of Target, Neiman Marcus, and so many others. So the question is: Are we becoming more vulnerable?
First we must understand both the source and the cause. The source is generally classified as ‘hackers.’ The fact is, the days of the stereotypical teenage male in his parents’ basement have long since passed.
Hackers today are highly sophisticated and organized and generally fall into one of three categories:
- Organized criminals that are out for financial gain, often measured by millions of dollars.
- Nation-state actors, with the most attention being on Iran, China and Russia. Just this week a malware attack suspected to be sourced from Iran made a significant splash in the defense world.
- Hacktivists, socially motivated groups that are well organized, sufficiently funded and motivated by an ideology. The most commonly known such group is called Anonymous. Among hundreds of others, they took credit for bringing down five banks in Brazil as a protest when the Brazilian government made cyber intrusions a crime.
Interestingly, the cause is not a technology problem. Nearly all networks have a firewall that blocks attacks, an intrusion detection system that tells when someone is trying to break in, and any number of other technologies to protect the network and the data. There is also anti-virus (AV) software. Last week Symantec, arguably one of the largest AV companies in the world, made an announcement that AV is ‘dead,’ which created quite an uproar. If you look further into the statement, they clarify that hackers have moved away from the nuisance of viruses and worms to malware. Malware is ‘malicious software’ that is hostile and intrusive. It can log keystrokes, destroy data, steal passwords, and allow remote control of your systems, among other tricks.
The simple fact is, they don’t have to break down a door that is willingly opened from the inside. The Human Operating System is designed to be helpful and quick moving, and often lacks an adequate logic algorithm (people often don’t think). Phishing has become the weapon of choice for the hackers because email must be let into the network to do business.
A cleverly crafted email makes it simple for the hackers to get directly into your company network. Emails that seemingly come from the IRS around tax time, or from FedEx or UPS about lost packages during the holidays will certainly raise the recipient’s heart rate enough to cause them to click. Gotcha.
People post an insane amount of personal data on the Internet through social media. Such postings allow criminals to gather specific data about where their target shops, banks, works out or other day-to-day activities. This public information makes it very easy to create a tailored, specific email to a target and dramatically increases the likelihood of this Spear Phishing email being opened and the subsequent payload delivered.
Recently a specific area was targeted during an impending snow storm. Hackers were aware of potential school closings in the region and sent out specific email to targeted victims regarding early dismissal of the schools and emergency instructions on collecting students. Some email contained infected spreadsheets claiming to have class rosters. Some contained infected links in the email text that would take the victim to a seemingly legit website.
There are end point security technologies that can block some of the more common attacks and the major AV vendors do a good job of keeping up. Properly installed systems will keep signatures regularly updated and keep most of these attacks from getting to the users, but no technology is available to protect the human operating system. The issue is that only one has to get by to be effective. A 99 percent score in security is still a fail.
Users of desktops, tablets, smartphones, etc. must be educated on the threat and understand how a silly action on their part can cause the company a significant loss. When users understand they are the first line of defense and are empowered, you can significantly reduce the threat.
There are some things that you can do to protect yourself and your data:
- Do not click on any links in the scam email (open a browser and go to the site manually)
- Do not supply information of any kind (personal or company) as a result of the email
- Do not reply to the email or attempt to contact the sender in any way.
- Do not supply any information on the bogus website that may appear in your browser if you have clicked a link in the email.
- Do not open any attachments that arrive with the email
- Delete the email from your computer as soon as possible
- Report the phishing scam to Department of Homeland Security US Computer Emergency Readiness Team (US-CERT) at: email@example.com
By now it has become evident that the water is coming over the wall. Someone in your company is going to click on something they are not supposed to. Simply put, there are two kinds of companies: those that have been infiltrated and those that are not aware of it. The best defense is having tactical plans to handle the technology when it does become infected and minimize the loss.
Bryant G. Tow is an enterprise security executive, published author, and speaker with over 20 years of experience in technology.