What is a DDoS attack?

Don’t let website traffic come to a stop

We all almost always take the same route to work every day. We know how much traffic there will be and the time it will take to get to work. Say you are a Mumbaikar and take the Western Express Highway every morning. What if one day you left for work and there was an unprecedented number of cars jamming the highway, completely blocking it? The road is built to handle a certain number of vehicles and these unexpected cars have made it impossible for regular commuters to reach their destinations. This is exactly what a DDoS attack is!

A DDoS attack shuts down a website, bringing the business to a complete stop.

 

In the analogy, the highway is your online business, additional cars creating congestion are botnets crowding onto your website, and regular commuters who are blocked from getting through are your real customers.

5 ways a DDoS attack could harm your business

India ranks fourth in the list of top-10 targets for web application attacks like DDoS (distributed denial of service). Here’s how such attacks can harm your business.

  1. Loss of revenue.

  2. Customers turned away.

  3. Theft of consumer data.

  4. Damage to reputation.

  5. Cost of cleanup.

First let’s understand what DDoS is and how these attacks work. Then keep reading for warning signs and a list of things you can do to keep your website safe.

What is a DDoS attack?

DDoS Attack Stone Army
With a DDoS attack, an army of botnets overwhelms a website in order to shut it down.
Photo: Aaron Greenwood on Unsplash

A DDoS attack is when a hacker sends an army of botnets onto a website with the intention of bringing that site down (a botnet is a string of connected computers coordinated to perform a task together). DDoS is a malicious attempt to overwhelm a website with a much larger amount of fake traffic than its server can handle.

There are many types of DDoS attacks used by hackers. They include:

  • Volume-based attacks
  • Application-layer attacks
  • Protocol attacks

Volume-based attacks, wherein hackers use up all the available bandwidth for that site, are the most common. The result is that the website crashes, meaning no one can see or use it. It could stay offline for hours — or even days.

Hacking for hire

It is very easy to ‘buy’ a DDoS attack. Yes, it is as simple as picking something off a shelf. According to industry reports, an attack can cost as little as US$5 up to US$400.

There are a lot of reasons why your website can be targeted with such an attack. It could be as simple as someone not liking you and wanting to exact revenge or someone indulging in unhealthy competition. A more sinister reason could be extortion or data theft.

How it can harm a small business

If you feel that your business is small and won’t attract attention from hackers, you, my friend, are unfortunately wrong. Small businesses with lower security are the real targets. It’s easier to hack multiple defenceless small businesses than going after a giant/large organisation.

DDoS Attack Man In Ocean
Mubariz Mehdizadeh on Unsplash

61 percent of small businesses in India report experiencing a cyber breach between 2016 and 2017.

A DDoS attack is more than an inconvenience. It can disrupt your business in ways that are far too serious to ignore.

1. Loss of revenue

The first thing a DDoS attack does is slow down your website or, in worst cases, render it absolutely inaccessible, not letting your customers reach you. Other than ruining a customer’s experience, a downtime directly results in loss of revenue.

2. Customers turned away

The online space is extremely competitive. If you cannot provide the desired service, the customer is happy to move on to the next online business that can. A downtime or denial of service is a big turn off for customers. They won’t be back.

3. Theft of consumer data

One of the top reason to orchestrate a DDoS attack is to steal consumer data. Most companies that experience a DDoS attack report theft of customer data and other financial information. Hackers often sell this data on the darknet for use in identity theft or other illegal schemes.

4. Damage to reputation

Reputation is everything in business. It helps you generate repeat customers, partnerships and funding among other things. A DDoS attack would damage the reputation you’ve worked so hard to build.

5. Cost of cleanup

Industry reports say that average cost of mitigating a DDoS attack can range anywhere from US$50,000 to US$2.5 million. Even if we are optimistic and take the lower figure, it is a huge cost for any small business.

Warning signs you should not miss

How would you know if you were under a DDoS attack? There are few warning signs you should keep an eye out for:

  • A sudden slowdown of your website.
  • Unexpected surges in traffic.
  • Your servers are down for a specific time period every day.
  • Your website completely shuts down for 24 hours or longer.

Please note: If you see the first three signs, it might not always be that you are being attacked. It could also be that your website is hosted on the same server as another website that the hacker meant to target. So the first step is to contact your web host and ask them to check for suspicious activity on your account. Not sure who hosts your website? Find out here.

Tips to protect your business

Doing damage control once your site is under attack is a costly affair. The best option is to avoid such a cyberattack by taking preventive measures and constantly standing guard. Key best practices include:

Secure passwords

We are repeatedly asked by banks to use complex passwords and for good reason. It is very easy to crack passwords — in most cases, it does not take more than a few minutes.

Ensure you use a complex and secure password that is a mix of alphabets, numerical and special characters to prevent hackers from entering your website.

DDoS Attack Purple Keyboard
There are many things you can do now to minimise the risk of a DDoS attack.
Photo: Anas Alshanti on Unsplash

Updated software

Keep the software of your website updated. This includes the software needed for running day-to-day operations, as well as all your security software. If you fail to do so, you could be leaving holes for hackers to break into your site. This is even more crucial for WordPress and eCommerce software.

Impenetrable firewall

A web application firewall (WAF) scrutinises all the traffic that comes to your website. It has a set of filters to remove malicious traffic while still allowing legitimate users through.

A WAF like the one that comes with GoDaddy Website Security can help protect your website from botnet traffic surges, DDoS attacks and other malicious attempts.

DDoS Attack WAF Infographic

Safeguarding your website requires constant vigilance. You might have the most stringent security standards, but there is always a chance that a hacker will find a way to get in by using a new exploit or gap. It is imperative to regularly scan your website for suspicious or malicious content.

Act now to avoid DDoS attacks

DDoS attacks are on the rise in India and around the globe. They pose a serious threat to startups and SMBs alike:

  • Small businesses are a prime target, as many do not have comprehensive security measures in place.
  • A DDoS attack can bring your business to a standstill for 24 hours or more and result in loss of income, reputation and your valuable consumer data.
  • The cost of mitigating a DDoS attack is enormous. A better approach is to proactively work at preventing one.

The good news is that there are ready security solutions built just for small business that will do all the work for you. GoDaddy’s Website Security provides exactly that for a fraction of the price you would pay a security specialist or spend to clean up an attack.

Leave the worrying to experts and go and build a successful business!

Image by: Hitesh Choudhary on Unsplash