No, Virginia, there's no denying there is a Santa Claus. There's also no denying the threat that distributed denial of service (DDoS) presents to retailers and eCommerce sites during the holidays.
Nothing says "happy holidays" like a multivector DDoS attack against your digital properties during the busiest shopping season of the year. Like holiday spending activity, industry DDoS attack metrics are difficult to predict. Volumes can trend upward and then mysteriously die off. The trends are only obvious after the attack campaigns have ended.
As part of our Holiday 2019 retail series, Researcher Madeline Cyr interviewed Forrester security and risk analysts David Holmes and Joseph Blankenship to help retailers understand the threat of DDoS attacks during the upcoming holiday retail season.
Q. Last year, DDoS attacks on eCommerce sites peaked during Black Friday weekend. Could a DDoS attack wipe out Black Friday/Cyber Monday online sales?
Joseph: DDoS attacks happen against eCommerce digital properties every year, though it's usually impossible to predict who the exact victims will be.
We've heard from DDoS service protection vendor Radware that the typical reasons for service outages involving retailers/eCommerce include:
Q. What strategy and technology protections do retailers need to have in place now to thwart DDoS attacks?
David: The most important advice is that retailers should seek a DDoS protection agreement before an attack occurs and to work with the service to set up your clean traffic tunnels during business as usual. Trying to combat a DDoS attack with no protection in place is a stress-inducing nightmare that no IT team wants to contemplate during peak season. There's also the potential impact on sales if a site is unresponsive or slow during the critical buying season. And many DDoS protection providers charge a five-figure premium to put protections in place during an attack; configuring the protection is much more difficult when the retail services cannot be reached.
Q. If you are hit with an attack, how do you get your site back online?
David: Most modern eCommerce retailers will have migrated to a cloud service or content delivery network (CDN), and these services usually have integrated DDoS protection. In some cases, the attached protection services are gratis, though Forrester has heard that their quality can be inconsistent.
This post was written by Senior Research Analyst David Holmes, VP, Research Director Joseph Blankenship, and Researcher Madeline Cyr. It originally appeared here.