Defending Against DDoS During the Shopping Season

As the Holiday shopping season approaches, retailers are gearing up for Black Friday, traditionally their busiest day of the year. In recent years, Cyber Monday has become just as important, with more and more buyers preferring to do their shopping online the Monday after Thanksgiving instead of in stores the day after.

The growing reliance on web-based transactions puts a burden on retailers to provide fast, reliable connections through their websites and, increasingly, mobile apps. Enough bandwidth is necessary to handle the extra volume – and the sites must be properly secured.

In light of the recent massive DDoS (Distributed Denial of Service) attacks, security has to be a priority for retailers this shopping season.

The Oct. 21 DDoS attacks started on the East Coast in the morning and rolled westward, preventing user access for hours to popular websites such as Twitter, Netflix, Spotify, Airbnb, Reddit, SoundCloud and the New York Times. The attacks targeted Dyn, a Manchester, New Hampshire-based DNS provider. Because DNS providers control the infrastructure for Internet connections, an attack on their servers has a wider impact.

Security Discussions

For IT solution providers, the attacks served as a reminder of the cybersecurity risks clients face day in and day out. You should be talking to clients about protecting their businesses against DDoS and other cyber risks.

DDoS is especially relevant to clients in retail as the shopping season gets under way. Should attackers target retail websites at this time of year, the results could be devastating since retailers typically count on holiday shopping for 20 percent of their annual sales.

Cyber attackers are getting more sophisticated by the day, so your clients need a solid multilayered defense strategy to protect their businesses. Defending against DDoS is tricky because the idea is to flood servers with so much traffic until they crash. But your clients aren’t helpless against this threat. Here are three concrete ways you can help them:

1. Establish expertise

Show clients you understand their security challenges and have the expertise to help them. In discussing DDoS, explain how it works and its potential to disrupt business operations. Security vendor Kaspersky Lab estimates a DDoS attack costs unprotected customers between $52,000 and $440,000, depending on the target company’s size.

2. Plan a strategy

Start by reviewing your clients’ cyber defense technologies and procedures to ensure their security plans and solutions are up-to-date. Come up with a plan to fill security holes by installing any missing security patches and managing them going forward. Outdated software and systems create vulnerabilities hackers exploit to break into networks.

3. Implement multilayered security

Defending against DDoS requires a multilayered approach. It starts with updating routers and firewalls. Businesses also need traffic monitoring and filtering tools that can help divert malicious traffic, detect anomalies, issue alerts if an attack occurs, and initiate mitigation to minimize damage. Intrusion detection solutions can be useful by identifying anomalies that point to potential hostile activity. As part of a comprehensive DDoS defense strategy, advise your clients to take advantage of solutions provided by their ISPs specifically designed to divert DDoS. ISPs can reroute traffic to avert the brunt of an attack.

More to Come

The Oct. 21 attacks could be a sign of things to come. The perpetrators didn’t just use computers to carry out their assault; they also co-opted IoT-connected devices such as baby monitors and web-based security cameras to overwhelm Dyn’s servers. You can bet more attacks are being planned as we speak, so help your clients prepare for them by shoring up DDoS defenses.

To stay up to speed on these trends and access additional resources for your business, check out our Channel Partner Program.