If you think cyber security is something only big businesses need to be worried about, think again. A Federation of Small Businesses report found that a whopping 66% of small businesses have been targeted by cyber crime, coming under attack on four occasions on average.
With each cyber crime incident costing a business an average of £3,000, along with the indirect costs associated with reputation damage and loss of custom, SME cyber security is something that no small business can afford to ignore.
In today’s article I’m looking at a particular form of harmful cyber crime known as a DDoS attack. Here’s everything you need to know about DDoS attacks, including how to spot them and how to prevent them.
What is a DDoS attack?
‘DDoS’ stands for ‘Distributed Denial of Service’, and a DDoS attack is a malicious cyber attack of which any website can be a victim.
The idea of a DDoS attack is to bring down a website by flooding it with traffic from numerous different sources. If successful, such an attack will take your website offline, preventing your customers from accessing it altogether.
The result is lost sales and frustrated customers – and potentially a damaged reputation. If your business relies on your website – for e-commerce, for example – this can have a devastating impact on your bottom line.
The traffic sources used in a DDoS attack are ‘botnets’, which are vast networks of hacked computers that the attackers have gained access to using malicious software. The owners of these computers may have clicked a link in a suspicious email and now have no idea that their computer is being accessed remotely by people who are using it to launch a DDoS attack.
Using these botnets, hackers are able to direct traffic to a website and totally overwhelm the server hosting it. One of the many ways they can do this is by sending so much traffic that the server can’t keep up with the number of connection requests, and another way is to overwhelm the website’s bandwidth by sending it vast amounts of data.
Cyber criminals can bring down large websites in this way, as happened with Wikipedia in Germany and other parts of Europe last September. But because small businesses don’t always have large amounts of bandwidth or the server capacity to handle large volumes of traffic, nor the budget for sophisticated cyber security systems, they can be particularly vulnerable to such attacks.
Small businesses often lack an IT department, too, which can make it difficult to prevent and recover from DDoS attacks, which you and your non-technical staff members may not even have heard of before.
Worryingly, DDoS attacks aren’t always just the work of random hackers. There’s an organised underground network via which someone with a grudge against a business or organisation could pay as little as $150 to have a DDoS attack carried out on it, or purchase botnets and carry out the attack themselves.
DDoS attacks: The warning signs
DDoS attacks don’t all look the same, as there are different ways of launching an attack (different types of attack go by their own nicknames, such as ‘Pings of Death’ or ‘Shrew attack’). What’s more, unless you’ve been browsing your own website yourself, you may not know there’s anything going on until your customers get in touch to say they can’t access it.
Although they usually come without warning, there are some common signs you can look out for that indicate your website may be suffering a DDoS attack. These include:
- Your site running slowly or returning a 503 error page
- A high number of requests per second from the same IP address
- An unprecedented traffic spike
- Ping request TTL (time to live) timing out
- Your customers contacting you to say they’re unable to access your website
The symptoms of a DDoS attack can sometimes be confused with general website issues, such as pages taking a while to load. When it comes to traffic spikes, these aren’t always the result of a DDoS attack either; for example, if some content you’ve published has gone viral, or you’ve had a mention in a TV show, you might find that your website can’t handle the natural spike in interest and there’s nothing malicious about it.
However, if you’re familiar with your usual traffic patterns and aren’t aware of any social media or press coverage that might have caused a surge in traffic, the chances are that there could be something more sinister afoot.
To remove any doubt, DDoS detection tools also make it possible to pick up an incoming DDoS attack and alert you to it before your customers start letting you know about it.
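As an added illustration (not part of the original article), the sketch below checks a web server access log for three of the signs listed above: many requests per second from one address, an overall traffic spike, and a high share of 503 responses. It assumes Common Log Format; the thresholds, function names and sample log lines are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format: ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status) or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def warning_signs(lines, baseline_rps, per_ip_rps=20, spike_factor=5, err_share=0.2):
    """Check access-log lines for three of the signs listed above.
    All thresholds are assumed values; tune them to your own normal traffic."""
    per_ip_sec, per_sec, statuses = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the check
        ip, ts, status = rec
        per_ip_sec[(ip, ts)] += 1   # requests per second from one address
        per_sec[ts] += 1            # requests per second overall
        statuses[status] += 1
    total = sum(statuses.values())
    peak = max(per_sec.values(), default=0)
    share_503 = statuses[503] / total if total else 0.0
    return {
        "noisy_ips": sorted({ip for (ip, _), n in per_ip_sec.items() if n > per_ip_rps}),
        "peak_rps": peak,
        "traffic_spike": peak > spike_factor * baseline_rps,
        "share_503": round(share_503, 2),
        "many_503": share_503 > err_share,
    }

def sample_log(flood=True):
    """Constructed log lines; addresses come from documentation ranges."""
    lines = ["not a log line"]
    for i, ip in enumerate(["198.51.100.4", "198.51.100.9", "192.0.2.33"]):
        lines.append(f'{ip} - - [12/Nov/2020:10:00:0{i + 2} +0000] "GET /shop HTTP/1.1" 200 2048')
    if flood:  # one address sends 30 requests in a second; the last 10 get a 503
        for i in range(30):
            status = 503 if i >= 20 else 200
            lines.append(f'203.0.113.7 - - [12/Nov/2020:10:00:01 +0000] "GET / HTTP/1.1" {status} 512')
    return lines

if __name__ == "__main__":
    print(warning_signs(sample_log(), baseline_rps=4))
```

The `baseline_rps` value should come from your own usual traffic patterns, which is what separates a spike you can explain from one you cannot.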
How to protect your business from a DDoS attack
The last thing your business needs is to be taken offline by a DDoS attack, but because the traffic targeting your website in a DDoS attack comes from so many sources, it’s not possible simply to block traffic from one IP address to stop the attack.
So what can you do to prevent it? Here are some top tips for protecting your small business against the threat of DDoS attacks.
Know your weaknesses
What parts of your business would be adversely affected in the event of an attack? List all your public-facing assets, including data centres, servers, physical locations (such as your office), IP addresses, domain names and so on.
This gives you a picture of where you could be attacked. What’s more, it helps to know your server capacity and bandwidth. For example, if your server is capable of handling thousands of requests at a time, you’re in a less vulnerable position than if it can only manage a hundred.
Understand the potential impact
What would the impact of a cyber attack be on various arms of your business, such as your e-commerce website or one of your offices? The greater the impact, the more it’s worth spending on preventing it from happening.
Take the time to consider what the implications of a DDoS attack would be, and don’t forget that it’s not just the immediate loss of revenue from your website being offline that you need to consider. For example, it can lead to reputational damage, loss of customers, lost productivity and even the inability to meet service-level agreements, which could result in a customer taking legal action against you for breach of contract.
Come up with a plan
Make sure you’re clear about who holds ultimate responsibility for protecting your business from a DDoS attack. If you employ someone external to manage your network for you, make sure this responsibility is written into your contract with them; otherwise, decide on which member of your team will take responsibility for this. Then put together a plan of who’ll take what actions in the event of an attack, such as who will contact your internet service provider.
Invest in a business-grade router
The extra bandwidth buffering offered by a decent router could make all the difference in buying time to deal with a DDoS attack as it happens. Look for scalable options that will allow you to increase bandwidth when under extra pressure, and make sure you understand what your maximum capacity is and whether you have an appropriate overhead for a DDoS attack.
As we mentioned earlier, it’s possible to set up system alerts so that you receive an email when a suspected attack first starts. It’s probably easiest to ask a system administrator to do this for you.
Having laid the groundwork, talk to your security or hosting provider about the protections available to you to prevent a DDoS attack. The best solution is to use a web application firewall (WAF), which blocks malicious traffic from accessing your server in the first place. Firewall settings can be customised so that, for example, you can block traffic from a particular country, such as China or Russia, where many big cyber attacks originate.
There are also a number of different DDoS mitigation systems available depending on what you’re protecting, including services that activate only when an attack is detected, saving money compared with “always-on” services that push all traffic through a cloud-based screening centre. Here’s a useful comparison of some of the best DDoS protection platforms available at the moment.
If all this sounds a bit too technical, you might want to enlist the help of a system administrator or cyber security specialist to help you with this. It’s better to invest in the measures and expertise to defend your company from potential attacks than it is to deal with the fallout once it’s happened, so it’s sure to be money well spent.
The information in this article is for general guidance about cyber security good practice only and is not legal advice.
We have tried to ensure that this guidance is accurate and relevant as at November 2020. However, Nominet UK does not accept liability for any loss, damage or inconvenience arising as a consequence of any use of or failure to use any information contained in this guidance.
Rachel Ramsay is a freelance copywriter with a background in digital marketing. She's written copy for clients ranging from the United Nations World Food Programme to The North Face, and particularly enjoys working with lifestyle and travel brands. In her spare time, she volunteers for Guide Dogs and flies light aircraft and helicopters.