41% of companies suffered a DDoS attack in 2014, their websites or systems either disrupted or taken offline completely. One in five were offline for a whole day. Reaction time is a factor in DDoS, so business owners, webmasters and IT managers should understand the risk that DDoS poses to their own business, and have a contingency plan in place.
A denial-of-service (DoS) is an attempt to make a machine or network resource unavailable to its users. For many businesses, that translates as an attempt to overload your website with spam traffic, with the aim of sending it offline. DDoS simply means distributed denial-of-service, or, in other words, many different computers bombarding your site at once in order to be more effective in their goal, and harder to identify and stop.
DDoS on the increase
DDoS attacks are on the increase. In 2012, a survey by analytics company Neustar showed that 22% of UK companies had experienced a disruptive DDoS attack during the year, 37% of which had lasted more than 24 hours. By 2014, Neustar’s survey showed that the proportion of UK companies suffering an attack had risen to 30%, while the figure for North America was a staggering 60%.
In June 2014, research by BT showed that 41% of organisations around the world had been hit by DDoS during the preceding year, with more than three quarters of those (78%) targeted twice or more in the year. One-in-five organisations have had their systems taken down for an entire working day.
DDoS attacks that make the news are usually large scale attacks on large companies. But the numbers above show that organizations of all types and sizes are affected. Neustar’s 2014 research showed the highest rate of increase to be among retail companies, who also have the most revenues at stake. At the time of writing, a quick Google news search shows news of overnight attacks on XBox Live, the City of Ottawa, a DNS company and many, many game servers. The list goes on.
Why do people perform DDoS attacks? Find out in our guide to website security threats.
Cost implications go further than revenues. Neustar’s 2014 research shows that 33% of DDoS attack mitigation involved 6 or more people. The disruption notably affects staff in the IT, customer service, call center and risk management departments.
Be prepared before it happens
The first step in any DDoS plan is to evaluate the potential cost of disruption to the different elements within your IT systems. The impact of a DDoS attack on a corporate blog, for example, will be a lot less than a website that is your main revenue generator, or a system that is a lynchpin in your operations. The higher the impact of a DDoS attack, the more justified time and money invested in protection.
See our article: how much downtime is acceptable?
Mitigating the risk of DDoS attacks means understanding your hosting architecture. Once you have evaluated the elements within your IT systems, understand where they reside on your servers. By knowing which server ports relate to business-critical services, you can ask your hosting provider to close down non-critical ports once you know that you are under attack.
Speak to your hosting provider to understand the steps and the delay involved in making this request, as well as the price of any system administration provided.
Now lets consider those critical components, like your website. An overhead of server and network capacity will allow your systems to handle surges in traffic, whether caused by DDoS or spikes in demand for your services, but comes at a price. The distributed and sophisticated nature of DDoS attacks means that firewalls do not provide comprehensive protection – firewalls do not necessarily detect traffic anomalies, only filter out known bad traffic, while the inline nature of Firewalls means they are actually a target of DDoS attacks that seek to saturate their capacity and cause a failure.
Instead, more sophisticated DDoS protection solutions are needed. These may take the form of data center hardware, offered by providers like Cisco, or network level solutions like Incapsula that are more suitable for servers hosted in a third party data center with a hosting provider like iWeb.
Incapsula DDoS protection, website security and CDN are available to iWeb customers.
Network level solutions like Incapsula are useful because much of the cost incurred is only incurred with your consent at the moment of an attack. These solutions use a variety of traffic anomaly detection, content delivery networks and traffic filtering to both reduce the impact of DDoS and provide the bandwidth capacity to cope with the attack. Since volume attacks can be measured in Mbps (megabits per second), network level solutions like Incapsula are priced according to the level of protection required at a given moment in time, itself determined by the gravity of the attack and the capacity of your network to cope with the traffic surge.
Example DDoS protection pricing
Neustar’s 2014 survey reported the following distribution of DDoS attack volume, measured in bps (bits per second).