The cybersecurity industry has long had a reputation for impenetrable jargon, be it tools, threats or solutions. So, in this blog, we’re demystifying another confusing term. What are ‘DDoS attacks’? Why should you be worried about them? And, most importantly of all, what can you do to stop them?
How does a DDoS attack work?
DDoS stands for Distributed Denial of Service. And it’s a very simple but potentially very disruptive premise. Cybercriminals pick a target, then flood its network with so much malicious traffic that it can’t operate as it usually would. The result is that legitimate traffic (such as shoppers or readers) grinds to a halt.
You’ve probably seen this technique used before without necessarily putting a name to it. Google was hit with the largest attack on record in 2017. Meanwhile, Amazon Web Services fell foul of a gigantic attack in February 2020.
How common is this kind of attack?
DDoS attacks are more common than you might think and they’re on the rise. 2020 saw a 151% increase in the frequency of attacks in comparison to 2019. And, to make matters worse, cybercriminals are increasingly targeting small businesses with this kind of attack.
How much damage can a DDoS attack do?
A DDoS attack is highly disruptive for any business. But for big corporates, it’s usually something they can swallow. After all, for a multi-billion dollar business, a few days’ lost revenue and some disgruntled customers don’t have to spell disaster.
However, for a small business, a DDoS attack can have serious consequences. A successful DDoS attack can take down entire websites and systems. This could mean lost revenue, breached data, reputational damage, dissatisfied customers, and a massive cleanup effort to get systems back up and running. In other words, a potentially critical situation for a small business with limited resources.
What can you do to protect your business?
We’ve painted a pretty scary picture so far. But that doesn’t mean small businesses are defenceless in the face of DDoS attacks. There’s plenty you can do to help your business avoid the worst-case scenario.
Use a Web Application Firewall (WAF)
A WAF filters incoming traffic and blocks suspicious requests before they reach your business’s servers. And the best thing about a WAF is that it’s easy to customise for your business. For example, if you mostly do business in the UK, you could configure it to block all non-UK traffic. Or, you could take it a step further and blacklist traffic from markets renowned for attacks.
Of course, like all software, a WAF needs regular patching to be most effective.
Learn to spot the signs
We’re always talking about the importance of security training for your staff, and our advice is no different when it comes to preventing DDoS attacks. One of the key reasons that DDoS strikes are so hard to stop is that so few people know how to recognise them – until it’s too late and business systems fail.
To give an example of what we mean, did you know a sudden surge in traffic – even for just a few minutes – could signal the start of an attack?
Even basic cybersecurity knowledge among staff about what the threats are, how to spot them, and what to do in the event of an attack, can help your business get a head start on cybercriminals.
For more on security training, read this.
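The traffic-surge warning sign described above can also be checked automatically. The following is an added example, not part of the original post: it counts requests per minute in a web server access log and flags minutes far above the recent median. It assumes Common Log Format timestamps; the function names, thresholds and sample log are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Timestamp field of a Common Log Format line, e.g. [12/Mar/2024:10:15:02 +0000]
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\]")

def requests_per_minute(lines):
    """Count requests in each one-minute bucket; unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = TS_RE.search(line)
        if m:
            counts[datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M")] += 1
    return counts

def find_surges(counts, window=5, factor=4.0, floor=20):
    """Return (minute, count, baseline) for minutes far above the recent median.
    window, factor and floor are illustrative thresholds, not recommended values."""
    surges, history = [], []
    if not counts:
        return surges
    minute, last = min(counts), max(counts)
    while minute <= last:
        n = counts.get(minute, 0)  # quiet minutes count as zero
        baseline = median(history[-window:]) if len(history) >= window else None
        if baseline is not None and n >= floor and n > factor * max(baseline, 1):
            surges.append((minute, n, baseline))  # kept out of the baseline
        else:
            history.append(n)
        minute += timedelta(minutes=1)
    return surges

def sample_log():
    """Constructed data: 10 req/min for 8 minutes, then 3 minutes at 120 req/min."""
    start = datetime(2024, 3, 12, 10, 0)
    lines = []
    for i in range(11):
        ts = (start + timedelta(minutes=i)).strftime("%d/%b/%Y:%H:%M")
        for s in range(10 if i < 8 else 120):
            lines.append(f'203.0.113.{s % 250} - - [{ts}:{s % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    return lines

if __name__ == "__main__":
    for minute, n, base in find_surges(requests_per_minute(sample_log())):
        print(f"{minute:%H:%M} {n} requests (recent median {base})")
```

Flagged minutes are left out of the baseline so that a sustained surge does not come to look normal after a few minutes.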
Be mindful of your supply chain
A huge proportion of cybersecurity attacks now begin in the supply chain. And, unfortunately, this includes DDoS attacks. Most SMEs are part of a supply chain and lack the security resources of larger partners, making them an enticing way for cybercriminals to attack more glittering prizes.
These ‘attacks through the back door’ are becoming increasingly common. US retail giant Target was fined $18.5 million after a breach at its air conditioning partner led to the leak of millions of credit card details.
So talk to your suppliers and partners about their cybersecurity practices and share experiences and advice. For those below you in the chain, this may mean asking for proof that their cybersecurity is in order. And for the bigger companies you service, this could mean agreeing to shared security practices and transparency in the event of a breach.
Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.