Anyone who knows me or reads my rants on technology also knows that I am not short on opinions or shy about expressing them. Nevertheless, having a platform as a “thought leader” does, at times, come with a certain amount of responsibility to maintain decorum and to behave in a humble manner.  
This is not one of those times.  
For years now, I have been saying that data security on the World Wide Web is a pipe dream invented by those who wish us to feel more secure about transacting business or putting forth sensitive information on the Web. Most recently I used that argument to support my contention that insurance companies are not ready to risk having core system processes delivered via the Software-as-a-Service paradigm.  
And this was not a pronouncement without substance. I have pointed to the constant battle we are fighting to keep up with the new security threats being hatched by criminal organizations worldwide, and by anti-social individuals who want to prove that they should have been picked first for the volleyball teams in gym class. There is a reason that security technology is a growing sector of the economy, and it looks like the end of that growth is nowhere in sight.  
I have pointed to the shocking vulnerability of our own federal government’s systems and data, as demonstrated by repeated successful hacking attacks on the Defense department and other federal agencies. Then there’s the job no security expert wants—cyber-security czar for the Obama administration—because it may easily turn out to be a losing battle.  
I have also pointed to the fact that this Web insecurity does not bode well for insurers who want to link their systems to public social networking sites. Sure, the marketing benefits look attractive, but do they balance out the risk of having your systems compromised?  
Despite these convincing cautions, however, some have chosen to look the other way and ignore the threat. This latest announcement from IBM, however, should convince even the most skeptical that the danger out there is very real.  
Specifically, IBM recently released results from its X-Force 2009 Mid-Year Trend and Risk Report. To quote their news release, “The report's findings show an unprecedented state of Web insecurity as Web client, server, and content threats converge to create an untenable risk landscape.”  
According to the report, there has been a 508% increase in new malicious Web links discovered in the first half of 2009. “This problem is no longer limited to malicious domains or untrusted Web sites,” says IBM. “The X-Force report notes an increase in the presence of malicious content on trusted sites, including popular search engines, blogs, bulletin boards, personal Web sites, online magazines and mainstream news sites. The ability to gain access and manipulate data remains the primary consequence of vulnerability exploitations.”  
X-Force Director Kris Lamb states: "There is no such thing as safe browsing today and it is no longer the case that only the red light district sites are responsible for malware. We've reached a tipping point where every Web site should be viewed as suspicious and every user is at risk. The threat convergence of the Web ecosystem is creating a perfect storm of criminal activity."
Hear that, all you doubters and head-in-the-sand types? Hear that, all you risk-averse insurance enterprises? This should be a wakeup call for many.  
This is a war; and wars engender casualties. Let’s make sure that we take every precauti on—and that we are proactive—to minimize the danger. Insurers—who depend on the public’s trust of their integrity—cannot afford to be among the wounded or killed.  
This article can also be found at InsuranceNetworking.com.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access