Cover Story: How to Prepare for Web Attacks This Holiday Season
The time to begin preparing for the 2014 holiday season is upon us. Last Cyber Monday, Akamai's data showed that retailers experienced record-breaking traffic at the rate of 11.2 million views per minute. While most of this traffic represented legitimate requests, malicious requests designed to steal or manipulate data spiked even higher than legitimate requests over the holiday period.
Akamai tracked a 47 percent increase in the number of Distributed Denial of Service (DDoS) attacks in the first quarter of 2014 compared to last year's first quarter, and a 133 percent increase in average attack bandwidth over the same period. These increases indicate that retailers should focus just as much on preparing for malicious traffic spikes as for good ones.
DDoS attacks are one of the most common threats that online retailers face. They can originate from a number of sources and attempt to bring down a website by flooding the site's server or uplink with more requests than it can handle. If allowed to proceed unchecked, DDoS attack traffic can produce results ranging from slow page loads to a complete blockage of legitimate site traffic, which could lead to revenue loss during the busiest time of the year.
Defend against DDoS attacks by working with your networking teams to run load tests that confirm your site can handle peak holiday traffic. However, peak holiday traffic is nothing compared to the amount of traffic that an attacker can direct at your website in an attempt to knock it offline. To prepare your site for this type of attack, request an update from your network infrastructure team regarding your DDoS attack mitigation capacity. Once you have this information, consider upgrading your network firewall hardware or look into a cloud-based web security solution that's able to defend against the largest attacks.
Web attackers will also try to capitalize on peak holiday traffic to sneak past web application firewalls in order to steal customer data or merchandise. Ensure that your web application firewall rules are up to date. Also, consider running a scan of your website to check for new security vulnerabilities, as well as analyzing your false positive rates to ensure that your firewall rules aren't denying legitimate users access to your website.

Online retailers continue to face a complex selling environment that's constantly evolving to adapt to customers' wants and needs. With the right resources and preparation, you can ensure a safe and successful holiday shopping season in 2014.