As details of the hacking of VeriSign unfold, government entities and corporations of all sizes are becoming more aware of their own vulnerabilities, according to one technology expert.
That VeriSign—seen as the Fort Knox of security for .com, .net and .gov Web addresses—doesn't seem to be aware of the extent of the hacking is a major concern, says Matthew Norris, global head of technology, media and telecommunications for specialist insurer/reinsurer Hiscox.
The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October, following new guidelines requiring the reporting of security breaches to investors.
“Their security is amazing,” Norris says of VeriSign, a site trusted by the U.S. government and huge organizations. “They are really well funded, their business is security, they've been around for ages. So if they've had a problem, it makes you think the old adage is true: It's not so much what you do, it's how determined the person is to cause your problem.”
Norris tells NU there are two reasons VeriSign might have been hacked: One is because the security of the company is so good that the hacker might have been driven to embarrass them. The other is that someone is trying to steal information and misuse it.
In any case, the perpetrator “must have really good resources, because normally the target is the path of least resistance—VeriSign is not the path of least resistance,” he observes. “This is not far off from Fort Knox, really.”
While the details are not yet clear, Norris says the second reason seems to be that companies like this are very tempting targets, “bearing in mind how many certification authorities have been targeted in the last year.”
The most unnerving aspect, says Norris, is that the SEC's disclosure system didn't work. First of all, he notes, the breach was disclosed too late, about a year after the hack. And secondly, the disclosure requirements do not give enough detail: “Even if it had been timely, there is just so little detail that has emerged.”
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
