How Retailers Can Protect Themselves From Cyber Attacks
DDoS attacks target an organization's network, infrastructure and applications by using multiple sources to generate traffic toward a target at the same time. These sources can be a part of a botnet or they can be valid servers out on the internet being used to reflect and/or magnify attack traffic. The traffic arriving at the target can saturate connectivity, impact network infrastructure (e.g., firewalls and load-balancers) and target applications directly — all dependent on the nature of the attack. Unfortunately, attackers have access to both tools and commercial services to make launching attacks easy, whatever their motivation may be. For retailers, the result is the same regardless of the attack type. If not protected, this could translate to lost revenue, increased operational cost and a damaged brand.
How to Protect Your Organization From a Cyber Attack
In the same way that retail has protected itself from physical theft with security such as CCTV and electronic tags, measures must be put in place to provide protection against cyber attacks.
The most effective form of protection comes from a combination of external services, network perimeter defenses, internal monitoring, and appropriate processes and training. All of these are equally important, however many organizations aren't adequately prepared. In fact, earlier this year research carried out by the Economist Intelligence Unit indicated that only 17 percent of surveyed organizations felt fully prepared to deal with a cyber security incident.
To deal with the DDoS threat, retailers need to take a multilayered approach to protection. This includes cloud-based protection to stop high-volume attacks, combined with on-premise protection that stops low-volume, stealthy attacks as soon as they start — and before there's any impact to the customer experience.
To deal with threats targeting customer data, organizations should monitor the communications right across their networks and use threat intelligence data from their vendors and service providers. By leveraging the skills and broader visibility of specialist security organizations, and correlating their information with network activity, retailers can get early warning of any suspicious or malicious activities that warrant further investigation.