The security and risk management site CSO Online reports that 75 U.S. airports have been affected by cyber attacks, and four airports received "advanced persistent attacks" – a sign that hackers are beginning to target air traffic control systems, potentially endangering the lives of countless travelers.
News like this is terrifying. We've long heard that the next wave of terrorism and warfare could come from cyber attacks. President Obama has emphasized this throughout his national security speeches. But we are now seeing evidence of this new threat.
While the national security implications of this are huge, let's focus on what this means for IT consultants. Sure, you probably don't sell IT solutions to airports or major government infrastructure, but you can face new kinds of lawsuits when cyber attacks cause physical damage or endanger people's lives.
How a Computer Worm Damaged a Nuclear Reactor
IT security consultants are starting to see how problems with software can lead to physical risks. Bad code can cause a manufacturer's machines to malfunction and become permanently damaged. Hackers used this technique to damage Iran's nuclear facilities, infecting their computers with the Stuxnet worm, which caused the enrichment centrifuges to spin in such a way that they suffered permanent damage.
The takeaway from these new kinds of threats is that IT companies can be sued for more than just data breaches and software errors. You can also be liable for injuries and property damage caused by malfunctioning equipment. In fact, insurance companies are now responding to new risks by insuring against these damages (see our write-up: "Good News for Your Clients: Cyber Coverage Is Expanding").
These liabilities are expected to increase as the "Internet of Things" expands. With thermostats, refrigerators, and all sorts of other basic technology controllable online, you could be liable if they malfunction. For instance, if a grocery store's refrigeration system is infected with malware and thousands of dollars of product spoils, you could be sued for its lost inventory and diminished revenue.
The Scariest Thing about New Cyber Attacks: They're Easy to Pull Off
If you think these new attacks aimed at airports and national security are more sophisticated than the usual kind, you're wrong. In fact, multiple airports were attacked with simple email phishing campaigns, in which hackers include malware or malicious links in an email.
Yep, the same unsophisticated attacks that put a virus on your Aunt Bertha's computer after she opened an email about cute cat pictures could take down a major U.S. airport.
Why are these simplistic attacks so effective? We've profiled these attacks in our article "Re: Your Recent Spear Phishing Attack" and found that they work time and time again simply because it only takes one user to make a mistake and open an email they shouldn't have. And every company has an "Aunt Bertha."
User error is a risk that's hard to minimize. Many work environments haven't invested in email sandboxing, virtualization, and other security programs to insulate networks from malware.
How to Protect Your IT Business from Future Lawsuits
The good news for IT consultants and programmers is that Technology Errors and Omissions Insurance can cover the cost of a lawsuit if your IT solutions lead to a loss suffered by your clients.
E&O Insurance covers your legal fees. If you lose a lawsuit and a judge rules that you owe money to clients for damages your software caused, E&O Insurance pays for those expenses as well.