Big corporations, high-profile companies and even government departments are often the first to feature when they grab the headlines following yet another report of a distributed denial of service or DDoS attack. But small businesses are vulnerable to DDoS too and, if they are implemented by cybercriminals, can do a lot of damage in a very short space of time.
The DDoS attack strategy has been around for long enough for most of us to be aware of it, but not always sure what it is. In essence, a DDoS is a cyberattack designed to take down or paralyse an online service. This is usually done by effectively exhausting a host server or servers’ ability to keep processing data.
Basically, everything grinds to a halt and prevents users accessing online content due to the host being flooded with requests, often from bots, that make the system unable to cope with the demand. Huge and sudden volumes of traffic can overwhelm systems rapidly, which is why the DDoS technique has become such an effective tool used by cybercriminals.
Why and where from?
The reasons for DDoS attacks are obviously based around criminal intent and they can strike at any time. Research has revealed DDoS attacks to originate from, well, just about everywhere and anywhere including the United States and China, but sources in countries including South Korea, Thailand, India, Vietnam, Iran and Indonesia have all produced their fair share of DDoS attacks too.
Frequency of these attacks has increased too, with cybercriminals now able to buy DDoS tools and options from the dark web in order to get the job done. Using a route like this for causing chaos to someone’s business website or online presence is relatively cheap and straightforward. As a result, company concerns across the spectrum are frequently affected, with business including online shopping sites, internet service providers and many others all falling foul of DDoS attacks.
Malicious intent
Digging deeper into the motivation behind DDoS attacks and research has found multiple reason that inspire people to instigate them. A successful DDoS attempt can often be carried out by cybercriminals who wish to paralyse an online outlet in the hope that some form of ransom can be paid. Sometimes, it can be something as simple as a disgruntled employee wanting to carry out a revenge style attack on a former employer.
There are more sinister motives too, such as those DDoS attacks carried out by organisations hoping to cause turmoil or suspend website activity on government outlets, or sites with a specific political standpoint. On the other hand, some DDoS attacks have been found to have been executed by people who did it because they could, or who were bored. Sometimes the motive can be relatively harmless, but the damage can be just as costly.
Preventative measures
Irrespective of the motives behind a DDoS attack, there’s a real incentive to ensure that you’re well protected if you’re running a business, even if you consider yourself unlikely to be attacked. Being nonchalant about not have any kind of protection against DDoS attacks could come back and bite you and your business, so it’s a very good idea to have a plan of defence in place. On top of that, a contingency plan just in case the worse happens is also advisable.
If possible, get your IT department to up their game when it comes to monitoring for DDoS attacks, using an approved network monitoring tool. This can be set up so that any irregularities are flagged up automatically and, hopefully, early enough to take preventative measures if a DDoS attack is imminent. It’s possible to bolster this by making use of Web Application Firewalls, which can help to filter perceived threats before things get out of hand.
Investing wisely
Small business owners can often baulk at the thought of having to up their IT budget, especially when it comes to scenarios that might never happen. However, it can be false economy to not invest in preventative ools for tackling DDoS attacks, especially if you’re website and online presence is one of the cornerstones of your business DDoS mitigation services are another good option and can prove to be a worthwhile additional investment as they’ll help take the pain out of more severe attacks.
Of course, it all depends on the size of your business and how much you stand to lose if you’re suddenly taken offline. As an example, business that are heavily e-commerce-based can lose a small fortune in just a few hours if their website functionality is compromised. In that respect, spending some of your annual budget on tools and services designed to tackle DDoS attacks could end up being a very shrewd move in the long run.
Working smarter
It's far better some financial pain now than a business that could be paralysed for days or even weeks without the right tool in place to tackle this growing issue. Unfortunately, you don’t have to look too far in order to find plenty of businesses who have already suffered DDoS attacks and, undoubtedly, all of them would offer the same advice for getting protected sooner, rather than later.
If you have a business and aren’t sure about what it needs to be properly protected then enlisting the services of a specialist company or consultant could be time and money well spent.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.