Managing Vulnerability

Lopez-Pizzi, Monica

Insurance companies, like many other financial services organizations, have computing infrastructures that are perpetually at risk. Vulnerabilities in networks, computers and application software are security holes that can be exploited, resulting in exposure of sensitive data, disruption of service and failure to comply with regulatory requirements. A recent report from the Aberdeen Group, Boston, examines some best practices for assessing a company's vulnerability and the threats to its IT infrastructure, including prioritizing fixes based on the business value of resources and acceptable levels of risk, and remediating through the efficient deployment of patches, configuration changes and other compensating controls.

The report, which queried insurance companies as part of its sample set, found 6,437 new vulnerabilities in 2007 (an average of 124 per week) at one source. About 90% of these could be exploited remotely, i.e., over the network. In addition, more than 410,000 new examples of malware, including viruses, worms, back doors, key loggers, trojans, spyware and rootkits, were discovered.

Keeping pace with vulnerabilities such as these typically accounts for a healthy portion of a company's IT security budget, with 14% being the average for those surveyed.

None of the respondents felt vulnerability management (VM) was a strategic activity, yet most admitted its importance. 

(c) 2008 Insurance Networking News and SourceMedia, Inc. All Rights Reserved.
