By Jaheer Abbas, regional director Southeast Asia & ANZ, Limelight Networks
People today are spending more time online every day. A study by Limelight Networks found nearly half of adult consumers in Southeast Asia are online 16 hours or more each week. As digital grows in importance, however, it also becomes an increasingly bigger target for attacks. The impact of a DDoS attack is greater than you’d think. Not only do these attacks diminish website performance, but there is the risk of long-term damage to brand reputation.
Furthermore, DDoS attacks can also result in significant costs for a company – the obvious example is lost revenue. What businesses may not realise is that they’re paying for the “bad traffic” that’s attacking them, which can add up quickly and become very expensive.
Therefore, it’s important for businesses to have the right technologies and infrastructure in place to protect themselves against DDoS attacks. Specifically, by implementing a layered defence that quickly identifies and mitigates these attacks, brands can protect their websites and reputations, while also ensuring they are only paying for the delivered clean traffic.
Even if a business’ website is scalable, it’s crucial to have a back-up plan in place to prepare for unexpected traffic spikes and ensure the website is secure in any situation. As a bare minimum, businesses should utilise a CDN, as it can scale with traffic spikes and allow websites to effectively absorb traffic.
If a business isn’t quite ready for DDoS protection, it should at least look to set up DDoS detection as a first step – this way it can understand issues within its network and work to respond to an attack as quickly as possible.
Where to start? Safeguarding digital content often involves multiple techniques and layers of security. However, there are some easy-to-implement ways to protect your content.
The most fundamental level of protection is delivering digital content over HTTPS. HTTPS, or HTTP-Secured, refers to the encryption of communication between a single client (typically a device with a web browser) and the destination, such as a website, through a trusted certificate that verifies ownership of the destination.
When a successful HTTPS connection is established, any data that passes over that is encrypted. This way, you can be assured that you’re protected from anyone who might intercept the transmission.
Many organisations today also use two-factor authentication to access specific areas or types of content. It requires users to enter a randomly-generated, single-use number each time they log in. This ensures that even if a password is guessed or discovered, the perpetrator would still need to enter the code in order to gain access.
Today’s websites integrate with third-party services such as Facebook and Twitter, include targeted advertisements, and can even be reshaped based on user history. Some of that data can be “personally-identifiable information” (PII) such as names, addresses, emails, and credit card numbers. These types of data need to be protected and encrypted.
Using server-side scripting, for example, you can code part of your web pages to do the encryption and decryption on the fly, ensuring that data placed into the database, especially PII, is secured even if a breach does occur.
Organisations should store URLs to content in a database rather than hardcoding them directly onto a page with a link. That way, if someone views the code on your page, he won’t be able to find the content location. Storing sensitive content such as media files above your www directory will also prevent anyone from crawling the website to find the location of your content.
The sophistication of cyber attacks sometimes warrants a layering of security technologies in front of a website. For example, where DDoS protection can help prevent a flood of malicious traffic, a web application firewall (WAF) can help filter traffic against a set of rules that prevent more targeted activity such as cross-site scripting (XSS) and SQL injections.
The bottom line is, safeguarding your digital content is now more important than ever as digital experiences become the focal point for consumer engagement and commerce. Implementing these methods and technologies will protect your digital content, ensure high availability, and maintain a superior quality of experience for every digital visitor.