Cybercrooks Follow Money and Trends to Mobile Apps

We’ve said a lot in this blog about insurers migrating to social media initiatives and the security dangers posed thereby, but another technology trend appears to be taking hold in our industry, and those who want to steal and destroy are not unaware of it. 

A recent Computerworld report notes that for the second time in three months, Google has canceled dozens of malware-infected Smartphone apps from the Android Market. 

As in the March episode, when Google removed more than 50 apps, the newest round consisted of pirated legitimate programs that had been modified with malicious code and then re-released to the Android Market under false names.

Once again, we see that crooks can be instantly reactive when it comes to spotting trends—and vulnerabilities—that will work to their nefarious advantage.  The very real fear among legitimate businesses is that infected apps could be used to seize control of Smartphones, tablets or other computing devices, and that such control—and damage—could be extended to the network itself.  In a network that allows connectivity to such devices, this could trigger catastrophic developments, as criminals think of new and less detectable ways to hijack systems and accounts for their illicit gain. 

This news comes at an interesting time for the insurance industry.  At the recent ACORD LOMA Insurance Systems Forum in San Diego, it was not hard to see that quite a few at the conference were sporting some form of tablet computer, while even more had Smartphones of one kind or another.  Everyone likes the portability and convenience of these devices, yet few seem to realize that data security for portable devices is still very bad.  I have no doubt that there is a groundswell of pressure on insurance IT folks to integrate a variety of devices into the corporate network for the convenience of employees, and for certain workers, especially those in claims adjusting, this makes sense. 

In a way, today’s insurance IT executive who is weighing the options on portable connectivity is like a baseball umpire.  He or she has to ignore the chants and cheers and boos of the crowd and make the right call in spite of all the clatter.  If you are an insurance IT person charged with this kind of responsibility, I do not envy you.  My first and most important suggestion is that you get buy-in for whatever you want to do from the highest levels—and get it in writing.  If a significant breach occurs via some connected tablet, Internet phone or other portable device, you want at least to be able to say that you didn’t allow the access all on your own. 

Finally, like that umpire, be ready to be called blind, ignorant and maybe even a “bum,” when your policy doesn’t meet with someone’s approval.  It comes with the territory, but that doesn’t mean you have to like it.  Be prepared. 

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.