Maintaining a Website in the Age of Cyber Attacks

By Shawn Dougherty March 3, 2014

Shawn DoughertyIt happens all the time. A popular website suddenly goes down, leaving frustrated users with a message that states the obvious: “Our service is temporarily down for maintenance.” Sometimes, the maintenance is routine. But other times, hackers use malicious software, or malware, to shut down a website in what’s known as a denial-of-service (DoS) attack. When multiple computers participate in an attack and overload a system, it’s called a distributed denial-of-service (DDoS) attack.

New DDoS attacks are occurring all the time. Just consider some of the most recent victims:

The United Kingdom’s Ministry of Justice: The website of the U.K.’s Ministry of Justice was taken down for several hours following a DDoS attack on February 12. The hackers who claimed responsibility for the attack said they targeted the Ministry because it hadn’t disapproved of the U.S. National Security Agency’s controversial surveillance program.

Angel Soft: A man from Postville, Iowa, was sentenced in February to two years’ probation and ordered to pay more than $110,000 in restitution after participating in a DDoS attack on the Angel Soft products website. According to reports, the attack disrupted the website after causing 196,471 hits in a little over two hours.

BitStamp.com: The world’s biggest bitcoin exchange, BitStamp.com, stopped withdrawals of the virtual currency after a DDoS attack. The company said the attack involved changing transaction information as an attempt to steal the virtual currency.

Unfortunately, DDoS attacks only continue to grow and are becoming more ambitious. The best way to protect a company is to continue to use safe computing practices that include installing antivirus software and avoiding suspicious e-mails and attachments. But insurers also provide cyber coverage for lost business income or expenses if a company’s website unexpectedly stops or slows down because of a DDoS attack or if the company shuts down its site to avoid a computer virus from spreading.

If you’re worried about DDoS attacks or would like to learn more about other aspects of cyber-liability insurance, feel free to e-mail me at sdougherty@iso.com. Also, make sure to follow me on Twitter @doughertyshawn.

Stay tuned for the next blog post in our Cyber Monday Series.


Shawn Dougherty

Shawn Dougherty is the assistant vice president of ISO's Specialty Commercial Lines Division. He is responsible for providing the overall direction, leadership, and client service for ISO's cyber liability (e-commerce), D&O (management protection), businessowners, crime and fidelity, financial institutions, employment-related practices liability, and professional liability (other than medical) insurance programs. He is also the ISO product manager for the Lloyd's Wordings Repository, an electronic database of policy wordings and clauses regularly used within the London market. Mr. Dougherty has worked at ISO since 1988.