Distributed Denial of Service (DDoS) attacks are increasing in frequency and severity – 24% of businesses have experienced a DDoS attack in the past year alone, so every business that offers an online service should have a plan in place in case they are the next target for cybercriminals.
DDoS attackers do not discriminate – research from Kaspersky Lab has revealed that among businesses that were affected by DDoS attacks in 2017, 20% were very small businesses, while 41% were enterprises. In fact, a quarter of businesses that have been affected by a DDoS attack believe that the attack wasn’t intended for them, but that they were accidental victims of an attack targeted at another organisation.
Attacks are also becoming more sophisticated and causing even greater disruption for affected organisations. They have moved up the network stack in recent years, with application layer attacks becoming increasingly common and some organisations even experiencing business logic attacks. DDoS attacks are also used to distract a company’s attention from more serious cybercrime, such as data theft, network hacking or financial theft.
While you can’t prevent cybercriminals from targeting your business, you can put measures in place to minimise the effects of a potential DDoS attack. Here are our top tips for securing your online services against DDoS attackers:
1. Know your ‘normal’
When it comes to DDoS attacks, recognising an attack in its early stages can make a real difference to the amount of disruption it causes your business.
You don’t want to only find out about an attack once your customers start complaining that your site is down – to ensure that you’re a step ahead, make sure that you know what your normal traffic looks like. Most DDoS attacks show as a sharp spike in traffic, but spikes in traffic might be normal for your organisation. That’s why it’s important to understand what’s typical for your site, so if you do detect traffic that seems suspicious, you can react quickly.
2. Be ready
Don’t wait until you become a victim of a DDoS attack to decide what you need to do next – you need to incorporate DDoS into your wider business continuity and disaster recovery plan.
Start by analysing each element of your infrastructure, from your website to your DNS servers. Carry out a risk assessment to identify the areas of your network that are the most vulnerable to DDoS attacks – IoT devices, for example, are increasingly being used as a point of entry for DDoS attacks. You can then work towards improving security in these areas.
You should also create a dedicated DDoS response team, giving each member of the team specific responsibilities in the event of an attack. A documented DDoS response plan can also be incredibly useful when it comes to preventing panic and acting quickly when an attack occurs.
3. Seek external support
When you’re under attack from DDoS hackers, having external support can be invaluable. While you may have built some buffer into your bandwidth, in a DDoS attack you could see as much as 300GB per second of malicious traffic, and it’s unlikely that you’ll be able to handle this alone.
That’s why it’s useful to have a DDoS scrubbing service on hand when you need it. When an attack is detected, your traffic is redirected to the scrubbing centre and analysed, typically through deep packet inspection. Suspicious traffic is filtered out, while clean traffic is passed back to the network for delivery, so legitimate customers can still access your online services. This way you can minimise your downtime during a DDoS attack.
4. Review your entire system security
If you’ve been affected by a DDoS attack, don’t assume that you’re no longer at risk simply because your website is back up and running. Many attacks are used as smokescreens for other cybercrimes, such as data breaches, which could have an even greater impact on your business.
In the aftermath of a DDoS attack, you should always review your system logs to see if any other malicious activity took place while you were under attack. If you process card payments online, you should be particularly thorough when it comes to inspecting your credit processing environment – conforming to standards like PCI-DSS should ensure your security measures are strong enough to withstand attacks. You should also carry out a full systems health check.
Are you prepared for a DDoS attack?
DDoS attacks can be daunting, but if you have the appropriate plans and support in place when you experience an attack, you can significantly reduce the harmful impact it has on your business.
Creating a watertight plan of action can be complex, but Blue Chip’s security team has the industry expertise needed to optimise your network and systems to minimise your risk of serious incidents, like data loss. Our DDoS protection technology also allows us to offer a market-leading DDoS scrubbing service, removing DDoS traffic in order to maximise your uptime.
If you’d like to benefit from additional DDoS protection, or you’d like to talk to our security team about any aspect of your IT security, we’re here to help – give us a call on 01234 224400 or email firstname.lastname@example.org.