As an online business, you are responsible for protecting your customers’ hard-earned money from DDoS attacks. Unfortunately, hackers are making it harder to fulfill that responsibility. Verizon’s 2017 Data Breach Investigations Report found that the e-commerce industry falls victim to cyberattacks more than any other industry. In some cases, hackers are looking to extort money from your company. In others, they’re coming at your business as a form of industrial sabotage.
One of the most common strategies used to carry out these intrusions is a distributed denial of service (DDoS) attack. Digital Trends reported that the frequency of DDoS attacks increased threefold in 2016. These attacks typically take one of three forms: protocol, volume-based, or application layer attacks. Each uses a different method to overload your network, but the results are the same: chaos.
Sizing Up the Threat
To put the threat of DDoS attacks in context, just imagine if the online component of your business were disabled for hours, minutes, or even seconds. Depending on the size of the company, this loss of service could cost as much as $250,000 per hour — maybe more.
DDoS attacks have become so common because of their ability to draw attention away from other activities. While your IT department is busy trying to restore a service brought down by a DDoS attack, hackers might be using other channels to steal your customers’ financial data via other application layer attacks.
This was first made troublingly clear back in 2014 when JPMorgan Chase was hacked, jeopardizing the financial accounts of 76 million households. The ensuing investigation revealed that the hackers responsible also targeted 13 other financial firms, consisting of payroll processors, stock brokerages, and international banks. And this was just the start — attacks have been making headlines since then.
Protecting Your Company
If generating revenue online is your main activity, you are a target. You simply cannot assume your company is safe. Here are a few simple steps designed to help you prepare for a DDoS attack:
- Conduct regular network security audits. A network security audit will tell you how vulnerable your company’s network is to attack. The strength of passwords, who has access to what data, and whether software is up to date are just a few things a network security audit will tell you.
- Patch your servers. Unpatched servers were largely to blame for the recent WannaCry ransomware attack. Without up-to-date patches, hackers will be able to exploit weaknesses that are completely avoidable.
- Practice a secure development life cycle. Although your customers value apps, they also represent a point of entry for hackers. If you offer an app, you must make cybersecurity a core component of the development life cycle. Several SDLC protocols have been developed over the years to give developers flexibility while keeping network safety a priority. Choose one, and make sure it’s followed.
- Develop an incident response plan. Your cybersecurity strategy must make provisions for intrusions that manage to breach the defenses of your network. An incident response plan details the staff, resources, technologies, and protocols necessary to mitigate the damage of an attack.
- Implement a content delivery network and web application firewall. Because most DDoS attacks utilize crippling amounts of traffic, a CDN, which can offload up to 99 percent of your web traffic, is a reliable way to deflect the threat. Implementing a WAF can help protect your site against threats that rely on more sophisticated exploits.
If you haven’t taken substantial steps to safeguard your company, you’re putting not only your business at risk, but also the financial security of your customers. Take the threat of DDoS attacks seriously to avoid putting your future in peril.