If you want to make money online, it’s not enough just to build your business; you also have to protect it. While our companies are not at risk of fire or flood the way brick-and-mortar businesses are, we do carry infrastructure risks that can cripple us in a heartbeat. It doesn’t matter how big or small your company is; unless you have backup servers, strong firewalls and a way to maintain your web hosting during extremely high traffic periods, you are at risk.
Take mastercard.com, for example; you would think one of the biggest credit card companies in the world would have protection so strong that they would be immune to attack.
You would be incorrect.
Last week, members of the /b/ group at www.4chan.org, who call themselves “Anonymous,” managed to take MasterCard down for hours, stopping people from being able to charge items on their cards and blocking their SecureCode payment authentication service.
This all happened in the middle of the Christmas shopping season. The result was that a lot of people ended up using their Visa cards instead of their MasterCards, which resulted in lost revenue for the company. It also left a lot of people with a bad feeling about MasterCard, because it was embarrassing to have their cards suddenly declined. Beyond that, it left people wondering just how secure their purchases with MasterCard really are.
Here’s how it happened. MasterCard had been allowing people to use their cards to donate money to Wikileaks in support of its mission to release classified documents to the public. When the media started talking about it, MasterCard caved in to political pressure and blocked payments to Wikileaks.
The people at /b/ who call themselves “Anonymous” got angry and launched an all-out Distributed Denial of Service (DDoS) attack. This essentially means that they bombarded MasterCard’s site with so many hits that it was pushed beyond capacity and simply collapsed.
There are many ways that MasterCard could have avoided this situation. They could have had stronger firewalls to protect against the DDoS attack. They could have had backup servers installed. Given the size and reputation of their business, they should have had a plan in place to prevent DDoS attacks altogether.
But they didn’t, and so for a few hours things went very wrong for them. And it didn’t have to be that way. For example, “Anonymous” attempted a similar attack on Amazon.com the next day. That DDoS failed because Amazon had anticipated this type of attack and had the technological tools in place to defeat it (including backup servers and cloud-based web hosting).
So, my advice to you is that you need to figure out ways to protect your site from the worst-case scenario – like Amazon did – and not simply hope that you never get attacked.
Solid advice man
thx
Great site. A lot of useful information here.