The recent DDoS attacks wreaked havoc on the internet. What started as a more localized assault on the eastern portion of the U.S., became far more reaching mid-day on Oct. 21, when a second—and then third—wave took over. Using Mirai malware, hackers were able to bombard websites with so much traffic that it overwhelmed connections and dramatically impacted service. Eventually the issues spread far beyond the U.S. and impacted websites on a global level.

While these types of attacks typically target individual sites, this one went straight for the middle man, Dyn, which manages website domains and routes internet traffic. This made the attack more powerful, affecting 100,000 endpoints. For hours, consumers were turned away from major social media and ecommerce sites including Twitter, SoundCloud and Spotify to name a few. Additionally, businesses that rely on cloud apps and B2B technologies for payments processing and analytics, were also impacted.

We uncovered that about 20 of the top 50 retailers had issues—a startling number when you’re considering the potential loss in revenue. But e-commerce brands weren’t the only ones affected. Of the 150+ top U.S. news, social media and hospitality websites that we routinely benchmark at Dynatrace, 77 were impacted. This disruption reduced the availability of these sites to 89 percent—meaning one out of every 10 people would have been denied access.

Now, in the aftermath, we are reminded just how vulnerable digital businesses across the globe can be when it comes to cybersecurity. DDoS attacks are not only putting companies at risk of losing sensitive data, but also setting them up to lose substantial amounts of money. No digital business is immune, regardless of size, whether they’re on the web, mobile or IoT. The ones who think of these attacks as a one-time event are sorely misguided.

We can expect these major attacks to become more common, growing in their ability to create more large-scale disruption. For retailers, this means assessing your vulnerability and protecting your most important assets—revenue and reputation—from the likelihood of future disruptions, malicious or otherwise. But with websites, cloud and mobile applications becoming increasingly more interdependent and complex to manage, there are are some concrete actions retailers can take to protect their brand from the next imminent DDoS attack.   

1. Never rely on just a single domain name server: This leaves websites exposed to the risk of complete failure should a widespread DDoS attack happen again. The sites that were the least impacted during the recent events were those that had multiple DNS providers, and were not solely dependent on Dyn. When the attack hit, they were able to switch their routing and maintain optimal performance for customers accessing their sites.
2. Limit and monitor third-party hosts across desktop and mobile apps: These days more third-party hosts are embedded into applications, upping the complexity of websites. From 2015 to 2016 the average number of third-party hosts in U.S. retail websites increased by 12 percent. This means that when those hosts are underperforming, websites feels it too. Even if your DNS provider isn’t attacked, the third-party hosts in your website might be reliant on a DNS provider that was hit, compromising site performance. This happens when the website is unable to call up those features, and therefore your user experiences delays, and is met by portions of your site that simply won’t load at all.
3. Protect your website with a digital safety blanket: All companies should be safeguarding their assets with digital performance monitoring. Brands big and small should take note of just how difficult it is to monitor the increasingly complex IT and network ecosystem that underpins customer-facing digital experiences. Arming yourself with performance monitoring insights make it simple to quickly identify hidden issues and put you on the road to quickly fixing them. The sooner you know of the issue, the sooner you can deal with it. The longer an issue like this attack persists, impacted retailers will see decreased visits, fewer conversions and reduced revenue.

DDoS attacks aren’t new, but their execution is becoming more sophisticated. This recent incident is a clear indicator of just how vulnerable the internet’s infrastructure is and how critical it is to prepare for future attacks.

Dynatrace provides web performance monitoring services to 161 of North America’s Top 1000 online retailers, according to Top500Guide.com.

 

Favorite