Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber Insurance Between the Lines

Posted by timothy on from the door-hit-rear-on-way-out dept.

Shackleford writes "Security Focus has an article that discusses insurance policies regarding 'computer attacks and cyber sabotage.' It discusses a case in which an administrator who set up back doors in the system with which he was trusted deleted files to which he could access after he was fired. His company had insurance against dishonest acts by employees, but not against 'acts of destruction.' Eventaully, the company won, but the case went to litigation. So the lesson to be learned here is that your company may have 'cyber insurance' without knowing it, but you need to be sure about it."

9 of 89 comments (clear)

  1. "Acts of god" by Anonymous Coward · · Score: 5, Funny

    If you're the system god, would this violate the insurance policy?

  2. Do Admins leave Backdoors a lot? by Puchku · · Score: 4, Interesting

    Always wanted to know this. I am a sysadmin for a College (i'm a student there), and I always leave a backdoor or two in case of emergencies. like someome else chaniging the root passwords etc. Does anyone else do this, or is it just me?

    1. Re:Do Admins leave Backdoors a lot? by Jetson · · Score: 4, Insightful

      If you have the ability to add a back-door you will also (in most cases) have the ability to recover from a lost password without *needing* a back door.

    2. Re:Do Admins leave Backdoors a lot? by James+Littiebrant · · Score: 4, Informative

      That would sound like a good idea, but it is not the best idea. I know how a hacker can get into computers (because I am one) and installing a backdoor on your server/computers is a deadly mistake. A simple scan from a hacker in theory could uncover that backdoor, then you are screwed. Instead I would recommend that you get a physical switch that resets the root password to a prespecified number or character. Where you can get these? I am sorry to say that I do not know where. I do know that they have been made bacause one of my friends has built one for his computer, with some programming and mod experiance you could build one too. I for one will never install a backdoor on MY servers.

    3. Re:Do Admins leave Backdoors a lot? by PetWolverine · · Score: 5, Funny

      I know how a hacker can get into computers (because I am one)

      What advances A.I. researchers have made recently, that computers can post comments to /.!

      --
      I found the meaning of life the other day, but I had write-only access.
  3. No wonder insurance is so expensive. by Sheetrock · · Score: 3, Insightful
    I don't know how much hand-holding people need, but this kind of thing goes a bit far. If you've got a troublesome ex-employee, I'd think they should be able to handle something like this with a civil suit. Instead, it's pulled out of insurance, which drives up all our premiums.

    Fantastic. And with litigation costs to boot.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




    1. Re:No wonder insurance is so expensive. by mlyle · · Score: 3, Insightful

      Assuming the ex-employee has the resources to pay damages, and that you can collect them.

      Insurance companies in most contracts are allowed to subrogate; that is, when they pay damages to you, they inherit all of your rights regarding that claim-- and can choose to go and sue the employee themselves if they think it's worthwhile.

      This is what insurance is for, really.

  4. Re:dishonest acts by employees? by The+Jonas · · Score: 3, Insightful

    IANAL, however I think the case may have been won by the fact that the "backdoors" were put in place while the offender was employed with the company. Therefore, they might have been able to prove malicious intent or something like that.

  5. Insurance... by NickisGod.com · · Score: 4, Insightful

    Insurance is one of the biggest vains the U.S. is facing today. You name it, car insurance, workman's comp, homeowners, cyber, etc.

    Beside's it being legalized gambling, whenever something does happen, these companies try to get out of paying and point fingers at fraud.

    There has to be a better way.

    P.S. Is it this bad in other parts of the world, or are there "better systems" in place?