Cyber attacks can come in a variety of formats and can be designed to accomplish anything from blocking access to files, infecting systems, to stealing information.
Here is a brief (and fairly basic) description of the 3 most common types of attack:
- Denial of Service, or DoS
This type of attack is designed to stop you from accessing your system’s resources by pushing through a large number of requests simultaneously. The system becomes overwhelmed with all the requests and times out – effectively locking users out.
However, the attacker does not gain access to your files or system. The only benefit is to take you out of the picture – which could give them a competitive edge or set you up for a different kind of attack.
- Session Hijacking
This type of attack is often used in conjunction with a DoS as it requires the hijacker to cause their victim to lose connection with their server by overwhelming the server with requests to connect. Once the victim loses connection the hijacker inserts themselves by spoofing the victim’s IP address. The server now believes it is communicating with the victim’s computer but is actually receiving information from the hijacker and acting upon their requests.
This type of attack is commonly used to trick people into downloading malware or sharing confidential information. Generally, it is executed via email which has been spoofed to make it appear it comes from a trusted contact and includes links to illegitimate websites (to trick you into entering personal information) or attachments that require downloads which are infected with malware. Skilled attackers design their emails to seem credible and may even research their intended victim prior to launching this kind of assault. It is not uncommon for them to play on your emotions, creating a sense of panic or urgency to encourage you to click a link or download a file before you have time to consider the danger.
These attacks can cause business interruption by taking you offline or interfering with your ability to access your computer and point of sale systems. They can also be the precursor for a ransomware attack in which the cybercriminal holds your system/data hostage until a ransom is paid.
Should your business be unable to perform normal business operations due to a cyber event, a cyber liability policy can help pay for expenses related to an interruption, including:
- Lost income that would have been generated had the cyber event not occurred.
- Operating Expenses that must be paid regardless of whether your business is closed or open.
- Rented or leased equipment needed to “work around” the interruption.
Cyber Liability coverage can also help in the event of:
- Data Breaches
- Notifying customers
- Legal costs
- Credit monitoring of affected clients
- Damages to a third party
- Spreading the infection to customers or vendors
- Data loss due to malicious activity
- Extortion or ransomware