Cyber Monday takes place this year on the 2nd of December and marks the biggest online sales day of the year in the UK. Not only do e-tailers need to make sure their websites can cope with large volumes of traffic, but they also have to consider that during this time they become prime targets for cyber attacks. So, to help businesses prepare, Sean Power, security operations manager for DOSarrest Internet Security, offers his advice.
Start by thinking about the impact of your website being down for a day to three days and how it would affect current and prospective buyers and the reputation of your brand. Google is usually the first port of call when checking out products, so chances are high that any disruption to your web experience won’t be favourably looked upon by prospects.
Cyber criminals will often inject malware into legitimate websites with the goal of getting innocent shoppers to click on it, which will automatically trigger a download and can lead to all sorts of problems for the user. As the website owner, you may be completely unaware, but this is something that Google is cracking down on. If a website is spotted hosting malicious links, Google can blacklist it, meaning it will not show up in searches and it will temporarily remove it from the Google index. Browsers, such as Chrome, Firefox etc will also flag insecure or risky websites and that may scare away potential customers. It may take weeks of effort to get removed from blacklists and re-indexed- not something a business wants to be dealing with during prime holiday shopping season.
And if this wasn’t bad enough, the risk is actually two-fold. There are some would-be attackers that will threaten to hold your website to ransom. In this case, they will identify the holes in your website and blackmail you into paying them in order for them not to get your website blacklisted.
The best way to avoid getting blacklisted, or indeed blackmailed, is to have the website checked for malware and other infections. And it is also highly recommended to have your website scanned for known vulnerabilities. This will ensure that there are no “holes” that attackers can exploit to install malware or create watering holes for unsuspecting customers.
Another issue to avoid falling victim to is a DDoS attack. DDoS attacks bombard a website with so many external communication requests that it floods the system and overloads the server to such a point that it can no longer function, leaving the website paralysed and unable to transact business. Attacks of this nature are on the rise and it’s fair to predict that Cyber Monday will be no exception to this trend. The best start is to have a plan in place- whether it is a hardware solution that takes days to install and requires a higher up-front cost; or a provider who offers DDoS protection services that can be up and running in as little as a few hours for a monthly cost.
In addition, it’s worth noting that some good DDoS protection services will offer a caching component that will allow bursts of legitimate traffic , the kind you get with prime shopping days like Cyber Monday, to your website without negatively impacting on the server. Because it will automatically balance the load coming in, it keeps the website available to handle large amounts of sales with no disruption to your customers. So, make sure you do your research when choosing the best option for your website.
Bear in mind that, while you can get a protection service in an emergency situation, as with so many things, the best offense is a good defence, so businesses should make sure that they have a proactive DDoS solution in place before Cyber Monday to avoid any disruption to sales.
Top tips for preparing for Cyber Monday:
1) Run malware detection and anti-virus on your website to spot and clear any existing infections
2) Enlist the services of a vulnerability scanner to identify and fix any exploits in your website
3) Have proactive DDoS protection in place; either in the form of hardware or a managed service
4) Have load balancing in place to ensure your website can handle increases in transactions
About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service have been leading edge for over 6 years now.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.