constraints as ransom notes that a company might receive after experiencing a ransomware
attack.
Additionally, many DDoS attacks occur in conjunction with some other type of theft or data
security incident, indicating that some hackers are using the attacks as “smokescreens” to divert
attention away from their true purposes. In 2013, banks and other financial institutions suffered
millions of dollars in losses after DDoS attacks to customer websites created enough “smoke” to
allow hackers to complete fraudulent wire transfers and open unauthorized payment cards
without alerting employees. DDoS attacks have also coincided with the theft of personal data,
such as customer user names and passwords, which could trigger further legal obligations to
provide notice to customers and regulators.
In addition to parallel attacks and extortion attempts, a potentially more costly issue is the
business interruption costs that these attacks can impose on organizations. For organizations
with an e-commerce presence, the impact is clear—each minute of downtime results in fewer
sales. However, these attacks can also create downtime and internal expenses for other
organizations, including the time associated with internal efforts to restore activity as well as
non-financial consequences, like the loss of customer trust or loss of intellectual property.
Furthermore, these attacks can create potential liability to customers if an organization is unable to
provide services. For service providers, DDoS attacks may result in potential losses based on
contractual uptime and reliability guarantees contained in Service-Level Agreements or other
similar contract provisions. A recent survey found that the average cost of a DDoS attack on a
business was approximately $40,000 per hour.
Our Take
With the increase of these attacks in the last few months, along with the projections that they
will become much more common in the coming months and years, organizations should take
steps to prepare for, respond to, and mitigate some of the potential fall-out associated with a
DDoS attack. Outlined below are some of the steps that organizations can consider to mitigate
their exposures before, during and after a DDoS attack.
Before an Attack
Incident Response Planning. As with any potential security incident, business harms and legal
consequences of a DDoS attack can be alleviated before the attack occurs. Companies should
include in their Incident Response Plan (IRP) emergency situations like DDoS or Ransomware
attacks that have the propensity to affect critical business operations. Companies like Twitter
and Netflix, which rely on DNS service providers like Dyn to support their websites, may wish to
set up relationships with additional DNS providers that can be used in the event of website
failure following a DDoS attack.
Negotiating/Reviewing Contractual Liability. Companies should consider whether and to what
extent a loss of service would impact their contractual obligations. As outlined above for service
providers, unavailability of resources may impact uptime and reliability guarantees contained in
Service-Level Agreements or other similar contract provisions. Contracting parties should be
27 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide