LINUX SECURITY --- June 05, 2001 Published by ITworld.com -- changing the way you view IT http://www.itworld.com/newsletters __________________________________________________________________________ ______ HIGHLIGHTS * Hacker insurance may be a great idea, but you may want to consider changing your operating systems before you start pricing a policy. __________________________________________________________________________ ____ Hacker Insurance By Rick Johnson The recent torrent of break-ins has companies looking for any way to protect themselves, and we all saw this day coming. Hacker insurance has finally hit the mainstream. The truly interesting part is that some companies are actually charging more depending on your operating system. J.S. Wurzler Underwriting Managers, one of the first companies to offer hacker insurance, has begun charging its clients 5 percent to 15 percent more if they use Microsoft's Windows NT software in their Internet operations. Although several larger insurers said they wouldn't increase their NT-related premiums, Wurzler's announcement indicates growing frustration with the ongoing vulnerability discoveries in Microsoft's products. A policy covering revenue lost due to hacking costs about $4,000 per year for each $1 million in coverage. Some industry observers believe other insurers may follow Wurzler's lead, which could affect the overall hacker insurance market ? a sector that the Insurance Information Institute estimates may generate $2.5 billion in annual premiums by 2005. "We saw that our NT-based clients were having more downtime [due to hacking]," says John Wurzler, founder and CEO of the Michigan-company that has been selling hacker insurance since 1998. Wurzler said the decision to charge higher premiums was not mandated by the syndicates affiliated with Lloyd's of London, who underwrites the insurance he sells. Instead, the move was based on findings from 400 security assessments that his firm has done on small-and midsize- businesses over the past three years. Wurzler found that system administrators working on open source systems tend to be better trained and stay with their employers longer than those at firms using Windows software, where turnover can exceed 33 percent per year. That turnover contributes to another problem: System administrators are not implementing all the patches issued for Windows NT, Wurzler said. Several insurers offer discounts to clients that use managed security service providers or put certain security devices on their networks. For example, last week, AIG said it would cut premiums up to 10 percent for clients that use a new security device made by Invicta Networks, a Virginia company headed by Victor Sheymov, a former KGB agent. Invicta claims its device, which uses an Internet Protocol address-shifting technology, is impossible to hack. Insurance can be a great selling point to potential clients. Do you really need it? Probably not. Ideally, you'll never need to cash in the policy, but insurance is there to cover the "what if" scenario. Sure, you will get a big fat check in the event that something bad happens, but the damage is still done. About the author(s) ------------------- Rick Johnson is currently involved in a number of projects, none of which he can discuss at this time. Aren't non-disclosure agreements wonderful? When not involved with those, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org. __________________________________________________________________________ ______ ADDITIONAL RESOURCES Hacker's Insurance: When All Else Fails http://www.itworld.com/jump/linsec_nl/www.sans.org/infosecFAQ/casestudies/ insurance.htm Hacker insurance a sign of the times http://www.itworld.com/jump/linsec_nl/www.usatoday.com/life/cyber/tech/cti 199.htm UK's First "Hacker Insurance Warranty Programme" Targets $1.3 Trillion Problem http://www.itworld.com/jump/linsec_nl/www.peapod.co.uk/press/dpa/65.html NT users pay 25% more in hacker insurance premiums http://www.itworld.com/jump/linsec_nl/www.slashtco.com/articles/01/04/19/0 925258.shtml __________________________________________________________________________ ______
<<attachment: winmail.dat>>