Cyber Insurance Between the Lines
Shackleford writes "Security Focus has an article that discusses insurance policies regarding 'computer attacks and cyber sabotage.' It discusses a case in which an administrator who set up back doors in the system with which he was trusted deleted files to which he had access after he was fired. His company had insurance against dishonest acts by employees, but not against 'acts of destruction.' Eventually, the company won, but the case went to litigation. So the lesson to be learned here is that your company may have 'cyber insurance' without knowing it, but you need to be sure about it."
Always wanted to know this. I am a sysadmin for a college (I'm a student there), and I always leave a backdoor or two in case of emergencies, like someone else changing the root passwords etc. Does anyone else do this, or is it just me?
Obligatory link to The Bastard Operator from Hell page.
True, true. But the question is, do sysadmins succumb to the temptation of leaving these backdoors? Hell, I know that if someone else stumbles upon the backdoor, I'm screwed, so I change the backdoors every two weeks. But I still leave them. They've saved the system's ass a few times too, when the other sysadmin, who's more of an NT/2k guy, screwed around. So does anyone else do this, then?
I guess the lesson here is to read the fine print. The important thing to look for here is when the "dishonest employee" commits their dishonesty. From a logical standpoint, any malicious acts committed through the back-door should be covered by the insurance, merely because the back-door only existed because of dishonesty. But I'm sure the insurance company tried to argue, and support with the fine print, that the actual exploitation was the dishonest act, and occurred only after the employee was fired.
Here's something to make you think: what would happen if the dishonest employee created the backdoor, quit, and someone else from outside the company exploited the back door? Then who would have won? I'd love to examine the actual insurance policy to find out.