Combating DDoS Attacks: How to Keep Your Retail Network Secure

by Greg Griffiths
October 10, 2018

Thanks to PCI DSS, the retail industry has done a remarkable job of mobilizing to protect customers’ cardholder data. While widespread compliance can’t completely keep the cyber thieves at bay, PCI DSS unquestionably has mitigated their capacity to steal cardholder data.

That’s great for consumers. It’s now time for retailers to also step up their defenses against the greatest cyberthreat to core retail operations: the distributed denial‑of‑service (DDoS) attack, in which hyper-aggressive, orchestrated streams of incoming traffic from multiple sources effectively shut down a network, impeding operations.

According to The Standish Group, network outages cost retailers an average of $4,700 per minute. Unfortunately, DDoS attacks and the outages they cause are escalating rapidly.

Retailers without DDoS attack protection


According to the Ponemon Institute, DDoS attacks accounted for 22% of unplanned outages in 2016, up from a mere 3% in 2010. Retailers, a favorite target, are particularly at risk of negative impact from revenue loss and damaged customer perception.

Minimizing that risk requires continuous monitoring, speedy detection, and immediate response once a DDoS attack begins. For retailers, DDoS attack protection is a must-have for business continuity and resiliency, and an essential element of a complete security strategy.

DDoS mitigation is a highly specialized form of network security, and many retailers have discovered that the most effective protection comes from DDoS mitigation service providers. A well-rounded service can identify gaps for remediation, address those gaps with added network security, and provide ongoing monitoring and extremely rapid response – thwarting DDoS attacks before they rack up sufficient downtime to cause a major hit to retail revenue and brand reputation.

Is your retail operation sufficiently protected?

Virtually every retailer in the U.S. takes the necessary steps to ensure PCI DSS compliance, yet most view DDoS attack protection as a secondary concern. The rapid escalation in DDoS attacks indicates a clear need to treat them as a primary threat as well. Those who do give the threat of DDoS attacks the attention it deserves are often those who have already been hit, and hard. It doesn’t have to be that way. Thorough, proactive DDoS mitigation and PCI DSS compliance measures are far preferable to dealing with the fallout after the fact.

Just ask any retailer who has been there.