DDoS attacks are back... Here’s how to protect your business
In the second quarter of 2017, Distributed Denial of Service attacks were back with a vengeance. High-profile cases, like Google who had to remove around 300 apps from its Play Store after they were found to hijack devices to provide traffic for large-scale DDoS attacks and the takedown of news websites such as Aljazeera, Le Monde, and Figaro earlier this year, have made it obvious that DDoS attacks are not going to stop anytime soon.
While DDoS attacks have always been a fairly common occurrence, the research suggests that their popularity is growing and that many companies are unaware of how to protect themselves. In a recent report, Kaspersky Lab found that four in 10 businesses were unsure of how to protect themselves from a DDoS attack, and that’s just the beginning.
Alongside this, 30% of businesses were found to fail to take action against attacks, and a further 12% said they believed that minor DDoS attacks had barely any impact. In reality, the opposite is true. In 2012, a Ponemon Institute Study discovered that just one minute of downtime due to a DDoS had an average cost of £16,000.
It's not just large companies that need to worry about it anymore. A small business is just as likely to be a target now too and, according to research done by Imperva last year, the UK is the second most targeted country in the world. With that said, it makes sense to take DDoS attacks and your business security seriously.
What exactly is a DDoS attack and how would it affect me?
A Distributed Denial of Service attack is when a hacker denies access for legitimate users of an online service. The service could be a bank, a SaaS application, an e-commerce website or any other type of network service. The motive is generally to give competitors a chance of attracting your customers, hindering your business's online success and profit, and causing loss of trust and reputation.
A DDoS attack can very quickly halt a business’s productivity, bringing workflow to a standstill. Large-scale attacks are now commonplace, but any company who does business on a digital platform is potentially at risk. A key issue with DDoS attacks is that many businesses simply assume that they are already protected; either by their Internet Service Provider or by the data centres or partners that they work with. While this may be true in some cases, it is not always, and it may also be an ineffective approach to smart attacks such as those using encryption or imitating user behaviour.
How can you protect your business from a DDoS attack?
While it is difficult for any company to completely protect its digital presence today, it’s not impossible. Here are the first steps to secure your business against the threat of DDoS.
1. Recognise the signs
Prevention is always better than cure, so recognising a DDoS attack before it fully takes form is the place to start. Of course, no DDoS attack is the same and they can be difficult to identify. You may see a spike in network or web traffic that doesn’t seem out of the ordinary at first glance but turns out to be something malicious.
The right technology, training, and expertise are of great importance. An anti-DDoS service can help and is definitely recommended, as well as creating an incident response plan. Working with a managed cyber security provider will give you the upper hand too, ensuring you have expert knowledge and advice when you need it.
2. Use a VPN which is DDoS protected
An anti-DDoS VPN is a service which will hide your IP address from hackers. It is also designed to filter incoming website or server traffic through mitigation servers which protect against DDoS attacks.
Anti-DDoS VPNs will give your business an additional layer of defence against attacks, ensure you have a safer connection for online business activities and keep your systems running smoothly. If you are unsure how to set this up then you can get an outsourced IT company to help.
3. Communicate with your ISP provider
A DDoS attack doesn’t only affect you, it also affects your Internet Service Provider. As such, they are likely to have procedures in place to help deal with DDoS attacks when they strike.
You can make sure you’re covered from the start by choosing an ISP that has DDoS protective services set up. It’s wise for small businesses to also have a backup ISP in place too.
In the event that you are attacked, calling your ISP is a good place to start. Ask them to trace where the attack came from and see if they can re-route your traffic. They’re bound to have recommendations of what to do when this happens.
4. Consider on-premise equipment and tools
On-premise equipment and tools can help protect against DDoS attacks as kind of a first line of defence, although they may not be enough to keep you completely safe. Some enterprises rely on scripts or existing firewalls, and if this is the case for you it is worth checking what you have in place to make sure it is giving you enough protection. The step-up from this is to deploy specialised DDoS mitigation hardware that resides in a business’s data centre in front of normal routers and servers and spots and filters all malicious traffic.
Two further tools that businesses can consider in addition to the basic signature-based routers and firewalls are load balancers, which balance traffic across several servers within a defined network with the goal of creating extra availability and limiting the chance of services going down due to a flood of traffic, and a cloud anti-DDoS solution to filter or divert harmful DDoS traffic before it even reaches you.
With DDoS attacks rising in frequency across the UK, making sure your business is on alert for threats will potentially save you from lost revenue, business, data and productivity that results from your website, network or servers being down.