Hacksurfer reports that cyber criminals are using DDoS (distributed denial-of-service) attacks as a way to hold small businesses ransom. In a move that would make a schoolyard bully proud, hackers flood a website with traffic, force it to shut down, and only relent when the webhost says "uncle" and pays a ransom.
For years, hackers only used DDoS attacks to shut down websites, but now they've figured out they can use this technique to extort money from businesses. We've seen them target many web-service providers including Evernote, Feedly, SalesForce, and other operations that need to run 24/7.
With so many small businesses relying on web-based IT infrastructure, these attacks can cripple your clients' basic business functions, causing them to lose revenue, shut down, and even sue their IT consultant.
So how do you protect your IT company from the risks of a DDoS attack? Let's take a closer look at how these attacks occur and what you can do to limit your risk exposure.
Can a DDoS Attack Affect My Clients? (Answer: Yes.)
A DDoS can affect your clients in many ways, including…
- Shutting down SaaS IT solutions.
- Shutting down the webhosting company that hosts a client's site, web apps, or SaaS.
- Directly targeting a client's site.
With cloud-based solutions becoming more common, DDoS risks have actually increased. Before, it made little sense for a hacker to target your small-business clients. Now, they can simply target one of the big-name webhosts or cloud service providers. Your clients are simply the collateral damage.
This isn't just theory. We're starting to see a trend. Between September 2013 and June 2014, there were 4,000 DDoS attacks on the information technology sector. IT was nearly three times more likely to be hit with a DDoS attack than any other sector.
If you want an example of a DDoS attack targeting an IT company, look no further than the recent attack that shut down SalesForce (see our full analysis in "DDoS Attack Shuts Down SalesForce, Exposes IT Department to Liability").
When you set up SalesForce or other SaaS for your client, you become liable for that IT solution, even though it's not your product. Data loss, downtime, and other issues could cause your clients to lose revenue or customers. When those losses are directly related to the professional work you did, you can be held partially liable for them.
How Does Professional Liability Insurance Cover Your Cyber Liability?
What happens if a client's IT is shut down by a DDoS attack? Consultants and IT contractors can cover their liability with Professional Liability Insurance. Professional Liability Insurance for IT professionals covers your legal expenses when clients file lawsuits against your IT firm. This includes coverage for damages, settlements, lost profit claims, and lawyers’ fees.
Say a client's sales service is shut down for a week due to a DDoS attack. If the attack coincides with a busy season for sales (as many cyber attacks do), your client could lose tens of thousands in sales and suffer damage to their reputation, leading them to file a lawsuit against your business.
In this situation, your Professional Liability coverage would pay for your legal representation, court costs, and the damages you owe the client. The typical IT Professional Liability policy covers up to $1 million of these damages.
Webhost Insurance note: if your IT company offers webhosting services and could be directly hit with a DDoS attack, you should consider adding Cyber Liability Insurance to cover your network liabilities.