CIO Today reports eBay was hacked…again. Over the summer, nearly 145 million passwords were exposed, but this time hackers used a different approach to harvest data.
Limiting the Attack Surface: Why Smaller is Better
Security is always a tradeoff. No product will have zero attack surface, because some code always runs and some connectivity is always exposed. IT consultants need to decide what is and isn't allowed, weighing the benefits and functionality against the additional dangers that come with an increased attack surface.
- Cross-site scripting (XSS). These attacks allow hackers to take authorization cookies and steal private data that users transmit via the browser.
- Malvertising. Cyber criminals can embed malware in ads that use Flash. Threatpost warns that there's been a recent string of these attacks. After visiting a website with malvertising, users can be locked out of their computers with a "cryptowall" that is only released when they pay a Bitcoin ransom to the hackers.
Is eBay Liable for Phishing Scams?
Security professionals have been critical of eBay in the past, arguing that its platform was insecure (in part because it was susceptible to code injection attacks) and that it was slow to strip out bad code and repair these vulnerabilities.
A lawsuit against eBay could easily argue that the company has been "negligent," which is a legal term that means eBay should have done more. A tech firm can be found negligent and have to pay damages to its users if it…
- Falls short of its professional obligations.
- Doesn’t offer a secure web environment.
- Fails to respond quickly to vulnerabilities.
How do you protect your IT company from negligence claims? You should always respond quickly to possible security weaknesses, proactively prevent attacks, and limit your attack surface. Additionally, you can cover your business with Errors and Omissions Insurance.
E&O for IT professionals offers financial security. It pays for negligence lawsuits and other professional liability claims, shielding you from expensive lawsuits. A typical Errors and Omissions Insurance policy offers over $1 million in lawsuit coverage.