When it comes to the bad things in life there are degrees of awfulness. For instance, falling down a flight of stairs is bad. Falling down a flight of stairs in front of an important potential business partner who does not seem interested in signing on the dotted line just because someone is pitifully holding an ice pack to his or her face is worse. Life is fascinating like that.
With DDoS attacks, there are a number of factors that contribute to an attack’s awfulness – size, duration, attack type – but one of the big ones actually has little to do with the attack itself and everything to do with the target. A DDoS attack on the average website? Bad. An attack on an ecommerce site? Much worse.
The increased DDoS threat
DDoS attacks are distributed denial of service attacks, which are cyberattacks that use the collective resources of a botnet – a group of internet-connected devices that have been infected to allow for remote use – to slam a target website with malicious traffic to overwhelm it to the point that it’s too slow to use or is thumped offline altogether.
Every website that doesn’t have professional DDoS protection is at risk of these attacks, especially with their ever-increasing popularity with cyberattackers as well as the prevalence of DDoS for hire services, but ecommerce sites are especially vulnerable. This is because so many ecommerce sites experience natural increases in traffic, influxes that coincide with anticipated new product releases, special sales or holiday seasons. These natural traffic increases are already stressful to the servers of ecommerce sites, so in many cases all it takes is a nudge from an attacker and his or her botnet to render a site unavailable.
The increased DDoS consequences
Not only is it easier for attackers to successfully attack an ecommerce site, but if the goal is to damage a business, the nature of ecommerce sites makes that easier too.
For an ecommerce site, distributed denial of service attack consequences will be suffered in the short term as well as the long term. Sales are not possible during a period in which a site is offline, which means an immediate loss of revenue. Given that so many ecommerce DDoS attacks occur when a high-demand product has been released, during sale periods like Black Friday and during holiday seasons, all times when purchases need to be made quickly, it’s unlikely many customers will wait around for a site to come back online when there are so many buying options on the internet.
As bad as lost sales are for an ecommerce site, the long-term consequences of a distributed denial of service attack are even more dire. Knowing that a site they frequent for purchases hasn’t bothered to invest in the security necessary to protect against a common cyberattack like DDoS undermines the trust and loyalty customers feel for a business, which leads to customers abandoning the site in question for a competitor. That’s a customer’s entire lifetime value, lost.
Preventing the pain
A common misconception is that a website’s ISP provides DDoS protection. While it may provide some level of protection, unless a premium ISP-provided DDoS protection service is being paid for, this protection will be wholly insufficient, particularly against network-layer attacks that go chewing through bandwidth. This is a misconception that can spell disaster for an ecommerce site.
Professional DDoS protection is necessary for protecting against all types of DDoS attacks. Ecommerce sites specifically benefit from cloud-based protection that is positioned at the perimeter of the network, keeping attack traffic from ever reaching the site while allowing legitimate traffic through as usual. Cloud-based protection also provides the scalability required by ecommerce sites, especially during natural high-traffic periods.
Another option ecommerce sites may want to consider is a content delivery network (CDN), which introduces a multi-server environment that provides load balancing for high-traffic periods as well as site performance improvements that can erase the page load lag associated with secure connections. Leading CDNs also offer DDoS protection on top of the load balancing that helps accommodate major traffic influxes.
Reducing the pain…if it wasn’t prevented
There are a few reliable steps an ecommerce site can consider in the event of a successful DDoS attack in order to salvage sales and reduce the frustration felt by customers to restore loyalty, trust and the resultant revenue.
- Be upfront about the attack. Inform people via social media, email and website announcements that an attack is occurring and you are working to restore the site as quickly as possible. Provide frequent updates as well.
- Make contact information easy to find so customers can reach out and quickly receive information on what is happening.
- Use abandoned cart reporting to reach out to customers who were unable to complete their purchases because of the attack.
- Use your online chat function to complete sales if it has a different host than your website and is still running during an attack.
- Offer a discount or coupon to help make up for the trouble encountered during the attack.
Where there are degrees of awfulness, there are ways to reduce that awfulness. Any of the above steps will help, but nothing eliminates the badness that is DDoS attacks like professional protection that completely prevents it.