Last Friday, October 21, we got another dose of cyber reality when a massive attack affected Twitter, Netflix, Amazon, the New York Times, and other major corporations and their websites.
The cause of the outages? A favorite weapon among cyber thieves – the distributed denial of service (DDoS) attack. With this tactic, a company’s server is intentionally overloaded with requests in an attempt to shut down the target's website or network system. This creates a flood of fake traffic that overwhelms the system, keeps legitimate users from being able to access those websites or networks, and can result in a partial or complete shutdown of the company’s business operations.
Sneaking in the back way
Here’s the kicker: the hackers didn’t target these companies’ systems directly. In other words, they didn’t come right through the front door. They snuck in the back way by targeting another company that’s connected to all of these corporate giants. The DDoS attacks were directed at a company called Dyn Inc., which acts as the Domain Name Server (DNS) provider for all of these companies and facilitates the loading of their webpages.
This “back door” cyber attack is a chilling reminder that cyber crimes are evolving and getting more sophisticated. With the trend to connect everyday items to the internet – remote cameras, security systems, baby monitors, lights, and even refrigerators – our vulnerability to hackers and cyber crimes is only growing. In fact, the hackers that attacked on Friday used millions of these types of “internet of things” devices found in homes and offices to facilitate their massive attack.
It’s clear cyber crimes are escalating. Are your cyber defenses escalating along with the threat, or are you painting a target on your own back?
Think about it. If hackers can wreak havoc on major companies like Twitter, Amazon, and the New York Times, how much trouble do you think they’ll have hacking your system? In fact, small businesses are increasingly in the crosshairs, precisely because they lack the same resources and manpower large corporations have.
But while you may not have the resources a company like Amazon has, don’t paint a target on your back by making these common mistakes:
- Failing to educate yourself. Disaster can come in so many forms – advanced persistent threats (APT), Distributed Denial of Service (DDoS), phishing attacks, insider attacks, email scams, malware, password attacks, and more. Educate yourself and your employees about how cybercriminals can infiltrate your system.
- Not planning for an attack. Many businesses don’t have a plan for responding to a security breach, whether they lack the commitment, don’t perceive it as a real threat, or some other reason. But technology and hacking techniques are evolving, and the likelihood of a cyberattack continues to increase. Those without a plan will be the most devastated by an attack.
- Assuming you’re covered. Many business owners think the government will cover them if their business bank accounts gets hacked, or that their General Liability insurance will cover them in case of a data breach. Both are false. Federal regulations protect only personal financial accounts from fraud, and GL coverage doesn't cover losses due to data breaches or exposure by third-party service providers.
- Failing to monitor the “insider threat.” It’s hard to think of your employees or business partners betraying your company, but it happens more often than you might think. An employee who is accessing information in systems more frequently than usual, conducting broad and frequent searches within and across applications, or accessing systems without completing transactions as usual may be trying to commit fraud.
Protection is no longer an option
Cyber threats are evolving and no business is immune, so awareness and protection are critical. Be smart about cyber risk management, including having the right insurance protection. Contact Heffernan Insurance Brokers. We’ll help you choose cyber liability insurance protection that fits your needs – and your budget.