In the last two weeks, we've read about a number of high-profile DDoS attacks.
A blog at the IT performance solution company ThousandEyes profiles how a recent DDoS attack brought down a few of Neustar's big name SaaS clients, including Salesforce and RingCentral. The outages caused some of their customers to lose access for over 13 hours, a lifetime in today's e-commerce world.
This DDoS attack was launched on the UltraDNS service managed by Neustar, one of the leading domain name server companies in the country. In fact, the company claims that UltraDNS can offer “100 percent uptime” – a claim it fell short of during the 13-hour outage.
Additionally, Threatpost reports that PointDNS was also hit with a DDoS attack late last week, causing thousands of its web customers to lose access to their websites and web services.
While DDoS attacks are nothing new, seeing these two major attacks in the span of a couple weeks highlights two risk management issues for IT project managers:
- Even the biggest companies that claim 100 percent uptime can suffer an outage.
- Outages can cause businesses to lose vital IT functions (such as products that manage a business’s sales). The loss of these services can mean a loss of revenue, damage to a company's reputation, and lawsuits filed against the IT consultant who recommended the service.
Why No Company Is Immune to Cyber Attacks
Forgive us if we're beating a dead horse, but the last six months have shown why all companies can be affected by cyber attacks.
In both stories we mentioned today, a major DNS provider was hit with a DDoS attack, which led to a cascade of outages at some of the most prominent cloud-based IT solutions.
This year also saw the Target data breach (caused by a hack on a vendor that worked with the retail giant) and a hack of the front page of The New York Times (caused by a flaw in its link manager system).
The efficiency of the cloud and outsourced IT solutions is not without risk: when businesses are interconnected, your clients can be shut down by an attack on one of the companies they work with.
To learn more about risks from vendors and outsourced IT solutions, see "Help Your Clients Understand the Risks of Third-Party Contractors."
Liability and Service Outages: What Can IT Professionals Be Sued For?
IT professionals face a dilemma. They can't do everything themselves, so they use outside vendors. But when they do, they can be liable for outages and security flaws in the vendors’ products.
Say you recommended Salesforce to a client. However, the recent UltraDNS outage coincided with your client's big springtime sale, causing them to lose thousands of dollars in sales revenue and suffer long-term losses because of their damaged reputation. Even though you're not directly responsible for the outage, you can be sued when clients look to recoup their losses.
Small Business Insurance to Protect Your Company from Third-Party Liability and Outage Lawsuits
The good news is that some insurance companies understand IT consultants have additional risks. If you work with an insurance company that knows the IT industry, you can get a malpractice policy (aka Errors and Omissions Insurance) to cover lawsuits when clients sue you over…
- Your own mistakes.
- The errors and outages caused by third-party vendors.
E&O Insurance covers expenses related to these lawsuits, including legal fees, damages, and other costs. For more on E&O coverage, check out our E&O Insurance cost estimates for IT professionals.
