Distributed Denial of Service (DDoS) attacks are becoming increasingly common, and they’re deceptively simple – hackers just overwhelm your site with false traffic – and disproportionately damaging. And while it’s the attacks on major companies that make the headlines, according to a report in The Telegraph, nearly one third of DDoS attacks reported in 2014 targeted businesses with 250 or fewer employees. Even more disconcerting, 60 percent of those small businesses shut down within six months of the attack. It’s clear that cybercrime isn’t just an annoyance; it can be an existential threat.
Even the U.S. government is sitting up and taking notice. In February of 2015, the government announced the creation of a new Cyber Threat Integration Center that will report to the Director of National Intelligence. Lisa Monaco, Assistant to the President for Homeland Security and Counterterrorism, explained that the center will do for cybercrime what the National Counterterrorism Center does for terrorism. Few actions could do more to underscore the serious nature of this growing threat.
Government support promises to be a valuable resource, but the primary responsibility falls to individual organizations. It’s kind of like CPR; the best medical team in the world can’t help if you can’t keep a heart attack victim alive until they get there. Fortunately, there are some things you can do to mitigate the risk. The Telegraph recommends companies take these steps:
Be vigilant.
To spot what’s abnormal, you first have to know what’s normal. It’s crucial to have either an inside expert or an outside provider who knows the normal traffic patterns of your business and has the ability to spot and diagnose a sudden spike, which is typically the first sign of a DDoS attack.
Invest in extra capacity.
What makes DDoS attacks so devastating is that the tidal wave of traffic overwhelms the system’s ability to process it. If you normally operate at maximum capacity, you have no chance of staying online during a DDoS attack. Invest in as much bandwidth as you can afford. It probably won’t be enough to completely stop a DDoS attack, but it could buy you some time to activate your contingency plans.
Conduct drills.
You rehearse plans for other disasters; you should treat your emergency response plan for a DDoS attack no less seriously. Practice your plans frequently enough that everybody knows what needs to happen and who is supposed to do it, and practice the plans until the responses become automatic. These drills should include implementing any stop-gap measures, like rate-limiting at your router or adding filters to drop packets that are obviously part of an attack.
Call in the pros.
No matter how talented and trained your in-house staff is, once you’re under attack, you’re probably going to need the help of professionals. For moderate attacks, your ISP should be able to offer some help, such as “null-routing” your traffic, which means dropping packets before they even arrive at your server. For larger attacks, you may need the services of a DDoS mitigation specialist, an expert in stopping and recovering from DDoS attacks.
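The "Be vigilant" step above depends on knowing your normal traffic well enough to notice a sudden spike. The sketch below is an added example, not something from The Telegraph's recommendations: it counts requests per minute from web server access logs and flags minutes far above a rolling baseline. It assumes Common Log Format timestamps; the function names, the window, the thresholds and the sample log are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

TS = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} ")  # CLF timestamp, minute resolution

def per_minute_counts(lines):
    """Count requests per minute; minutes with no traffic are filled with 0."""
    hits = Counter()
    for line in lines:
        m = TS.search(line)
        if m:  # lines without a parseable timestamp are skipped
            hits[datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M")] += 1
    if not hits:
        return []
    t, end, series = min(hits), max(hits), []
    while t <= end:
        series.append((t, hits[t]))
        t += timedelta(minutes=1)
    return series

def find_spikes(series, window=10, k=6.0, min_excess=20):
    """Flag minutes above median + max(k*MAD, min_excess) of the last `window` normal minutes."""
    baseline, spikes = [], []
    for t, n in series:
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            mad = median(abs(x - med) for x in recent)  # robust measure of spread
            threshold = med + max(k * mad, min_excess)  # assumed, illustrative tuning
            if n > threshold:
                spikes.append((t, n, threshold))
                continue  # keep flagged traffic out of the baseline
        baseline.append(n)
    return spikes

def sample_log():
    """Constructed sample: 15 minutes of about 30 req/min, then 3 minutes of 400 req/min."""
    start, lines = datetime(2015, 3, 1, 12, 0), []
    for minute in range(18):
        n = 400 if minute >= 15 else 28 + (minute % 5)
        ts = (start + timedelta(minutes=minute)).strftime("%d/%b/%Y:%H:%M")
        lines += [f'198.51.100.{i % 250} - - [{ts}:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512'
                  for i in range(n)]
    return lines

if __name__ == "__main__":
    for t, n, thr in find_spikes(per_minute_counts(sample_log())):
        print(f"{t:%H:%M} {n} requests/min exceeds baseline threshold {thr:.0f}")
```

Flagged minutes are excluded from the baseline so that a sustained flood does not gradually become the new "normal" and stop raising alerts.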