How to protect your company against a DDoS attack

DDoS attacks are getting more intense and last longer, warns security company Kaspersky. The attacks on large companies make the news, but small companies can also fall victim. What is a DDoS attack? And how do you protect your company against it?

Major DDoS attacks have been in the news a lot in recent years. Websites of governments, banks, and other companies are sometimes unavailable for days due to these digital attacks. The number of DDoS attacks has been decreasing since early 2022, according to security company Kaspersky. But attacks do become more intense and complex. If a loyal customer calls you with the message, “your webshop is offline,” then you may have been hit by a DDoS attack.

What is a DDoS attack?

“DDoS attacks are almost as old as the internet,” says Jair Santanna. He conducts research into DDoS attacks for the University of Twente, and works as a cybersecurity expert for the security company Northwave. “The goal is to take your site or service offline.” The attackers send so many information requests to your site or app that your server cannot handle the traffic. The result is an error message or ‘denial of service’. Your website or app is inaccessible, causing you to lose sales and face reputation damage. Cybercriminals often use a botnet (in Dutch) for a DDoS attack.

How do you recognise a DDoS attack?

As an entrepreneur, how do you know if you have been hit by a DDoS attack? The most important clue is that you are offline for no reason. Usually, it is just your website. But it can also be more intense, says cybersecurity expert Arnoud Bruinsma. His company BSM helps victims of DDoS attacks. “I once worked at a company that was very dependent on IT for their services. That company had been attacked, and from one second to the next, everything was offline. Nobody could email or call, and the alarm systems and the data centres were switched off. That situation lasted for 2 days.” It is impossible to predict in advance how long a DDoS attack will last, explains Bruinsma.

Against the law

Unfortunately, DDoS attacks are very easy to carry out, says Santanna. “They can be bought for a few dollars. You can find them through Google. That is absurd because carrying out a DDoS attack is against the law (in Dutch). It is like finding illegal products in the supermarket.” It is also difficult to find out who is behind such an attack, adds Bruinsma. The attacker could be a bored teenager or an angry customer. DDoS attacks are also sometimes used as a distraction, says Santanna. “Something to keep you busy while hackers steal your data.” And they are increasingly being used as a means of blackmail, including against SMEs.

Protect your business

The bad news is that DDoS attacks are here to stay and will only get worse in the future. The largest attack to date in Europe, in July 2022, lasted 30 days. The good news is you can protect your business from DDoS attacks. Simply follow a few practical tips from the experts: 

• Test your vulnerability. Turn off your internet connection and your online services. Can you still do your work? Then you probably do not need DDoS protection. Can you not do anything at all? Then it is smart to prepare your business for an attack.
• Make a plan B. How will you work if you are attacked? Maybe you can work on paper temporarily, or you can use a backup of your system. But think about this in advance. It is harder to consider alternatives while under attack.
• Discuss your risks and your plan B with a digital security expert. Also, talk to the suppliers of your systems about their protection against DDoS attacks.
• Involve your internet provider and your web host. They can usually offer you protection against DDoS attacks. For example, through so-called ‘wash stations’ or ‘bad bot blockers’, which block dangerous data traffic.
• Do you think you are being attacked? Make sure that hackers cannot access your critical data. Call your IT administrator, internet provider, or possibly a security specialist. They can help you get your systems back online safely.
• Have you been attacked? File a report with the police (in Dutch). 

Were you a victim of a DDoS attack? We would like to hear from you. Share your experience via kvk.cyber@kvk.nl.