The Risks of DDoS Attacks and 4 Ways to Fortify Your Defenses This Holiday Season

The holiday season is the Super Bowl for retailers, with November and December accounting for 19 percent of total retail sales — even higher for some retailers — in the last five years. Since online purchasing comprises nearly 40 percent of holiday shopping, retailers can't afford to lose sales and frustrate consumers through website outages.

Unfortunately, the threat of experiencing a cyber attack is real. Zayo data shows retail as a top three industry experiencing the largest and most costly Distributed Denial of Service (DDoS) attacks. The impacts of these attacks are severe, including lost revenue, operational disruptions and long-lasting reputational damage.

Retailers must defend themselves against these cyberattacks or put their businesses at risk during the most critical sales season.

What is a DDoS Attack? 

Put simply, DDoS attacks cause digital chaos. Customers, staff and associates can't access retailer online information. Websites remain unresponsive, inventory location information is unavailable, customers encounter errors, communications infrastructure weakens, and businesses stand still.

DDoS attacks overwhelm networks by flooding them with incoming traffic and are often used in ransom strategies.

Why Are Attackers Targeting Retail?

Retail has become a lucrative target for DDoS attacks, with cybercriminals leveraging these tactics for various reasons — from sabotaging operations to erode customer trust and gain a competitive advantage to even more extreme cases like extorting ransom or furthering ideological agendas.

Zayo’s State of DDoS Attacks report revealed that DDoS attacks on retail increased 170% year-over-year. Key contributors to this rise include:

• Increased reliance on e-commerce: DDoS attacks can completely halt operations and transactions. And if you take into account the nearly 200 million consumers shopping online on peak days like Black Friday and Cyber Monday, that could mean a catastrophic loss of sales for a retailer.
• Evolving sophistication of attacks: As DDoS tactics become more advanced through automation, machine learning (ML) and distributed attacks, they evade legacy security tools. Also, attackers can more easily and cost effectively execute these tactics with even greater impact.
• High profitability: The average DDoS attack costs small businesses $8,000 to $74,000 for each hour of downtime, while the cost for larger retailers can reach up to $120,000. With experts predicting a rise in holiday shopping this year, downtime can hugely impact retailers’ bottom lines.
• Knowledge gap: Many retailers lack awareness of a DDoS threat. They underestimate both their vulnerability and the crippling business impacts.

How Can Retailers Protect Themselves and Their Customers From DDoS Attacks?

The grim truth is it’s not a matter of if but when a retailer will experience a DDoS attack. However, with the right protections and procedures in place, retailers can significantly improve their odds of weathering the impacts:

1. Don’t skimp on protection. Firewalls alone are no longer enough. Retailers need multilayer solutions utilizing DDoS prevention tools.
2. Enable real-time threat monitoring. Early detection of unusual patterns is key to minimizing the impact of a DDoS attack. Both log and traffic monitoring can establish a normal activity baseline to quickly catch unusual spikes or requests indicating a potential attack.
3. Be proactive. Start employing strategies and website best practices such as using attack surface reduction, utilizing a caching provider, or an anycast network. Prepare a playbook with mitigation strategies, internal/external communications protocols, and escalation procedures to address attacks head-on.
4. Keep security a priority. Prepare for various attack scenarios through practice runs. Empower all employees to spot and report unusual activity indicative of an attack.

DDoS protection is now a necessity, not a luxury. Companies strategically investing in robust IT infrastructure and cybersecurity will have a successful, outage-free holiday season. Those that don't may end up on hackers' naughty list come December.

A software engineering executive with a product focus, Anna Claiborne serves as Zayo Group's senior vice president of packet and product software engineering, where she leads product management for the company’s network connectivity products.