But Do We Really Want to Know?

A recent Internet posting from IDG News Service noted that Swiss scientists have developed an algorithm that can be used to locate spammers as well as the source of a computer virus or malware.

By Ara Trembly

The algorithm makes the process of finding culprits more efficient by only checking a small percentage of the connections in a network, the piece noted. By using the algorithm, the specific computer in a network from which the spam mail is being sent can be found so that the network provider can shut it down. Using the same method, the first computer where the virus was injected could also be pinpointed.

Spam, of course, is often the vehicle for a variety of malware that may open the door to seriously damaging attacks on corporate networks. The algorithm is said to locate the source of the spam by using the network structure, looking at who is connected to whom, and determining the time of arrival of the virus to the sensors, according to IDG.

Avoid a Legal Black Hole (04/12/13)
Technological Obsolescence (05/01/13)
Part 3: Big Data Masters (04/12/13)
Defending Your Networks (04/12/13)
Excess and Surplus At the Ready (04/12/13)

This should be welcome news to the insurance information technology community, which is charged daily with protecting the valuable and confidential information of its customers. Of course, we also want federal and other law-enforcement authorities to help sniff out cybercrime and prosecute perpetrators, but given the tremendous volume of Internet traffic and the fact that a new virus is said to be created virtually every second, enterprises are well advised to protect themselves in every way possible.

But do we really want to know where attacks are coming from? While the question may sound ridiculous, it gets to the heart of how committed we are to the security of our enterprises.

The problem is that, if we know where an attack is coming from, it would seem we are obligated to do something about it. No, I'm not talking about putting together a posse and riding over to string up the wrongdoers. What needs to happen is that we must inform the proper authorities, who must then descend upon the location of the problem-makers and take the appropriate actions.

Once we do that, however, the cat is out of the bag, and the story may make the rounds of the media. So even though we have dutifully identified the culprits, we now have to admit that our enterprises were vulnerable in the first place. That could open us up to lawsuits alleging poor due diligence, or to the impression among the public that our rock- solid insurance enterprises are not so impregnable.

On the other hand, the story could be spun in such a way that the victimized company jumped in, identified the source of the problem, and reported it to the proper authorities -- making the victim the hero. Much depends on how the story is told, and that's where our public relations departments or agencies must shine. Before that happens, however, we must decide whether or not we have the will and the desire to pursue those who are attempting to compromise our networks.

That decision will be different for every insurer, broker, and agent. It may be useful to remember, however, that those who fail to go after the perpetrators leave themselves -- and everyone else -- open to future attacks and potentially catastrophic losses. Security is no longer simply about erecting barriers to intrusion.

ARA TREMBLY, is founder of Ara Trembly, The Tech Consultant. He writes about insurance and technology and can be reached at riskletters@lrp.com.

September 15, 2012

Newsletter Sign-up