No one likes to be singled out when bad news strikes—and goodness knows, The Hartford had enough bad news from the financial collapse of 2008—but technology observers believe being the victim of an attack is not so much an "if" proposition as a "when."
"When" for The Hartford came in late February, but news filtered out last week about an attack on the carrier's Windows server in which the user names and passwords may have been hacked. The carrier posted a letter on the Web site of the New Hampshire Attorney General from The Hartford's assistant general counsel, Debra A. Hampson explaining the situation.
The letter read in part: "To respond to this incident, The Hartford assembled its Security Event Response team to contain, control, and assess the situation. As part of the response, The Hartford will offer the impacted residents a free, two-year subscription to Equifax's Credit Watch Gold with 3-in-1 monitoring."
The Hartford believes this was a very small incident and affects only about 10 customers who may have logged-in to the server and been exposed to the malware before the hacking was detected. Several of the carrier's servers were attacked, including Citrix servers used by Hartford employees for remote access to IT systems.
The good news is The Hartford apparently caught this virus quickly and was able to limit its exposure. No one is yet sure how the attacktook place, but this incident should be a reminder to carriers that as we attempt to satisfy the many needs of business users and customers, there is an ever-growing strain on the security teams needed to combat these attacks.
Last month we published an article on enterprise risk management and the threats to an insurer's data from the remote access being granted to the carrier's servers through mobile devices. One of the insurers participating in the article was Lisa Hodkinson, vice president, information risk management for Nationwide.
"We're looking at how we can protect the data versus protect the device," she says. "Associates want to use whatever device makes them most productive. If they want to pull data to that device then we want to find a way to protect [the data] so they can use the tools and applications that help their productivity."
Larry Collins, head of e-Solutions for Zurich Services Corporation, worries the expansion of mobile computing has enabled the hackers of the world to go phishing on Web sites to collect user IDs and information or credit card information.
"There is an enormous impact from mobile computing in that genre," he says. "The APWG trade group (Anti Phishing Work Group) estimates there are about 40,000 attacks a month going on. A lot of that has been enabled by instant messaging and the collection of mobile devices we might have. The mobile computing environment provides a new venue for that kind of attack, especially since they contain so much data."
If this incident was as minor as The Hartford maintains, the carrier is on top of security issues and reacted quickly in the face of an intrusion. With nearly a half million attacks taking place in a year—as the APWG suggests—carriers need to remain vigilant as they look to offer more information and access to customers and partners.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.