CNET reports that distributed denial of service (DDoS) attacks have occurred at an unprecedented rate in the first half of 2014. This year has already had more than twice the amount that occurred in all of 2013.
DDoS attacks create all sorts of problems for IT consultants and their clients. While an attack might not target your clients directly, it can be aimed at a cloud-based IT solution or SaaS that your client needs to run their company. This year, we've seen attacks on TypePad, SalesForce, and other web services, leading to outages and lost revenue for the attacked web service and its clients.
As an IT contractor, you often rely on cloud storage, SaaS, web apps, and other IT services that are particularly vulnerable to DDoS attacks. Because these attacks are becoming more common, now is a good time to learn how you can minimize your liability if your clients are targeted.
Cloudy with a Chance of DDoS
While the cloud has delivered some huge benefits to IT, it's also exposed businesses to more DDoS risk. Because numerous IT and business functions are cloud-sourced, cyber criminals know that if they attack the cloud provider, they'll be able to cause all sorts of trouble.
Here’s the kind of trouble we’re talking about:
- Ransom attacks. In April, cyber criminals brought down TypePad in an attempt to extract money from the web-hosting company. We've seen a rise in ransom DDoS attacks in which hackers shut down a big cloud service provider and relent only if the company pays a bounty.
- Repair time. Companies often opt to find and repair the flaw that allowed the DDoS attack, but that can take days. When hackers shut down TypePad, it took 5 days for the popular web-hosting company to fix the issue and get up and running.
To read more about your liability for outages, read, “Web Host Liabilities: How Hackers Can Shut Down Your Clients’ Website.”
Why Are DDoS Attacks Increasing?
If you’re wondering how many attacks there are, Arbor Networks posts a DDoS report updated in real time. The company estimates that 5,000 attacks take place daily against U.S. targets. Of course, only a small percentage of those attacks end up wreaking havoc.
Consider this list of companies and web services that have been shut down by DDoS attacks this year:
DDoS attacks are simply a matter of outmuscling a web host's servers and security software, so when attacks get stronger, they are more likely to succeed. This year, the number of attacks larger than 100 Gbps were staggering.
How DDoS Can Shut Down a Business for Good
PC Magazine reports that CodeSpaces.com, a popular code-hosting site, was crippled and breached by a DDoS attack. The attacker was able to gain access to the company's cloud service control panel, and when Code Spaces refused to pay a ransom, the hackers deleted the company's data and backups.
With its data gone, Code Spaces was forced to close its business, citing irreparable damage to its reputation.
What Are Your Legal Risks If a DDoS Attack Targets Your Client?
Imagine cyber criminals bludgeon your client's web-hosting service, gain access to their data, and try to extort them for money. When they aren't paid, the criminals delete your client's data.
The cyber attack at Code Spaces only lasted 12 hours, but it decimated the company. If your client were to lose all its customer and proprietary data, the company could sue you for lost revenue, damages to its reputation, and other financial losses.
Fortunately, IT contractors can get Professional Liability Insurance, which pays for lawsuits over DDoS attacks, outages, security breaches, data loss, and other problems with IT and cloud-based solutions.
For free quotes on insurance to protect your business from an IT lawsuit, submit an online insurance application.