How to Recover Revenue from a DDoS Attack Tailspin
Distributed denial of service. It sounds like a boring term, joining a laundry list of IT concepts that may or may not deserve your full attention. Well, increasingly, the threat of a DDoS absolutely does deserve your attention. Just ask any of the thousands of stores that lost sales on October 21, 2016, because they were taken offline by a botnet.
- A DDoS is a Traffic Jam of Driverless Cars
- Why Worry about DDoS?
- DDoS Blocks You from Your Customers
- 9 Ways You Can Get Back Sales After a DDoS
- Free DDoS Protection with Your Hosting?
A DDoS is a Traffic Jam of Driverless Cars
A DDoS attack can be formulated in various ways, but the basic idea is to barrage a website with a huge number of bogus requests – in essence, creating a nearly motionless Internet traffic jam with cars that don’t have any people in them.
In other words, the fake requests inundate the site to such an extent that the site’s infrastructure can’t operate properly. Your real users aren’t able to get through – they can’t load your site.
As opposed to a traffic jam, Laura Hautala of CNET uses the image of a dam – the dam representing the effort to filter traffic and let only the legitimate users through. “[I]f someone upstream can send an unexpected torrent down, the dam will overflow and maybe even crack, letting all the water through,” she said. “That floods the area below — and in our analogy, it drowns the website you’re trying to reach.”
Why Worry about DDoS?
During 2016, the size and scope of cybercrime-as-a-service became more evident, and it’s truly disturbing. Security experts now recognize DDoS as one of the greatest malicious threats that online businesses face.
What’s the evidence?
First of all, the 2016 Internet Organized Crime Threat Assessment, issued by Europol on September 28, identified DDoS as the most prominent and devastating form of online crime.
Kaspersky Labs indicated that part of the reason Europol placed DDoS at the top is research by security expert Brian Krebs. Krebs posted a report on a popular worldwide DDoS service, vDOS. The two young Israeli owners of vDOS were subsequently arrested, but the size of the operation was shocking.
“Based on a subscription scheme, starting from $19.99 per month, tens of thousands of customers paid more than $600,000 over the past two years to vDOS,” noted Kaspersky Labs. “In just four months between April and July, vDOS launched more than 277 million seconds of attack time, or approximately 8.81 years’ worth of attack traffic.”
DDoS Blocks You from Your Customers
You may think that the key cybercrime concern is someone directly hacking your account, or phishing you to get access to your details, and stealing from you. With a DDoS, though, the idea is to block access so that your business can’t operate.
Ideally, when someone can’t reach your site, they will come back. However, many people will leave for good, assuming you don’t know how to run your website (after all, it is nonfunctional during an attack).
To make matters worse, you often won’t get any kind of warning that the DDoS is going to occur, and it might take hours before you know something is amiss.
9 Ways You Can Get Back Sales After a DDoS
So, what can you do to recover revenue that gets lost to DDoS? Here are nine ideas from Pamela Hazelton of Practical Ecommerce. The first two are immediate responses, while the last seven are ongoing protections.
#1. Upfront email – Write a notification for your newsletter subscribers, advised Hazelton. “Be clear about what happened and what steps were taken as a result,” she said. “[R]eassure customers and subscribers that their information was not compromised.”
If you want help explaining the event, you can always link to a site that describes the nature of DDoS.
#2. Site announcement – Also post a message straight on your site. It doesn’t need to be more than a sentence or two, along with a link to further details. Make sure to focus on shopper comfort (keeping in mind how common DDoS attacks have become and that you are a victim).
Give people a discount code if you want – either through the site or through email. However, be careful that it doesn’t seem you are trying to exploit a security breach to expand your profits.
#3. Shopper tracking – With a script that gauges how people use your site, you are able to better understand your demographics and refine your key personas. This same tracking becomes especially pivotal when the site goes down while a shopper is attempting to browse or purchase. You can contact them once things are resolved.
“This feature, by the way, could also allow shoppers to pick up the session using a different connection, such as on a smartphone using cellular bandwidth,” said Hazelton. “It’s a feature designed to boost cross-device conversions, but who says you can’t also use it as part of your backup plan?”
#4. Abandoned cart reports – Your ecommerce platform should allow you to capture the name, contact info, and products placed in a shopping cart. That way if someone leaves, they’ll get an automated email reminding them to complete the purchase.
If the site goes down, the abandoned-cart data can be used to send a (carefully worded and not horrifying, of course) explanation about the attack.
#5. Contact details on every site page – When a site goes down, one of the typical things a shopper will do is click the back button on their browser to access the previous page – which may be cached and still accessible. If your phone number and email are on each page, they can still get in touch to make their purchase.
#6. Sales chat – Sales chat is helpful to answer customer questions and can also serve as a DDoS recovery tool.
“That’s because not all websites are hosted on the same server, nor do they all use the same providers,” said Hazelton. “This means a third-party solution that allows you to communicate with shoppers may run just fine while your store is actually down.”
#7. Multiple payment options – Sales chat, if it’s third-party, effectively diversifies your site’s infrastructure, protecting it from a targeted attack like a DDoS. What if the payment gateway goes offline? Again, it’s wise to diversify. Offer multiple payment options.
If you can’t back up with another way to enter credit card data and instead must defer to Amazon Checkout, PayPal, and similar, set up a notice that appears when you need to route shoppers to an alternative. Give them a phone number as well.
#8. Multiple shipping options – The same principle applies if a shipping gateway isn’t functioning properly. In those cases, provide a shipping alternative that is set up manually.
#9. Backup email servers – We’ve been conditioned over time to expect a receipt of our order by email that arrives nearly instantaneously after making an online purchase. If that server goes down with a DDoS, you could end up with chargebacks and cancellations.
“If possible, customize the error message that may appear on the website if the email cannot be sent,” said Hazelton. “And, ask your host if there is an alternate server that can be used in case the primary mail server fails.”
Free DDoS Protection with Your Hosting?
As you can see above, beyond recovery, there are many actionable strategies you can use to reduce the damage of future DDoS incidents. However, you also don’t want a DDoS to occur in the first place.
At KnownHost, we offer FREE DDoS protection with every one of our virtual private servers. Isn’t it about time you bought your VPS from KnownHost?