Data shows that more than half of all small businesses have websites, which they use to advertise services, offer information to local consumers, and even to directly drive sales. However, while many small business owners invest heavily in their websites, they rarely think that these websites will be attacked. Unfortunately, this is far from true, and 43% of all cyber attacks are aimed at small businesses. Distributed Denial of Service (DDoS) attacks are one of the largest risks to small biz websites, and as a business owner, you must be aware of them so that you can protect your business.
What are Distributed Denial of Service Attacks?
A DDoS attack is a malicious attack on a website or server, where hackers send massive amounts of data to servers, rendering them unusable. While the majority of these hacks are directed at large businesses, anyone with a website and a measurable value attached to their website is at risk, as hackers often target small businesses, or use automation to pick targets.
One of the largest examples of DDoS occurred in October of 2016, when a massive portion of the internet went offline, rendering websites like Spotify, Reddit, Twitter, Etsy, Basecamp, Squarespace, and hundreds more useless. This outage was caused by a DDoS attack. In this case, the attack was directed at Dyn, a company that provides Domain Name Servers (DNS) for nearly half of the internet. When Dyn’s servers went down, so did millions of small business websites, shops, and resources.
While most DDoS attacks are carried out on a significantly smaller scale, they are a risk to businesses of all sizes. As a small business owner, it is important to be aware of how Denial of Service attacks happen and how you can protect your assets and data from them.
The Inside Scoop on DDoS Attacks
Hackers launch DDoS attacks in hopes of disabling websites and servers, often with one or several goals in mind. The most common attacks against small business websites are intended to incapacitate the website and possibly the business server, resulting in lost funds and loss of reputation for the business. Here, the hacker will likely demand a ransom in exchange for stopping the attack.
The fact that your website is down, harming your business, makes you more likely to pay this ransom. A DDoS attack can ensure that you lose traffic and sales and prevent you from accessing vital tools – even if it is aimed at your server. These attacks typically last for days. The longest in 2016 was 12.5 days – longer than any small business can afford to be offline.
Ransom Emails – In some cases, hackers will send ransom emails 24 hours before beginning an attack. In these cases the hacker will typically demand a ransom paid in Bitcoin (typically to a value of $200-$800), promising to attack your site if not paid. Responding to the email to pay the ransom can result in the hacker calling the attack off, but it might not. If not paid, the hacker begins an attack that lasts for a few hours to a few days, repeats the request for payment, and then continues the attack. These types of attacks can be reported to the police.
In other attacks, hackers may aim to incapacitate your website so that they can more easily steal sensitive data such as credit card information, customer emails, and intellectual property.
How to Protect Your Business from DDoS Attacks
While there is no sure way to defend against a DDoS attack, you can take steps to mitigate your risks and reduce the chances of a DDoS attack happening.
- Switch to cloud-based applications where possible. These tools and services can handle significantly higher volumes of traffic because they are not on private servers, making them less vulnerable to attack
- Research the defense mechanisms your hosting provider or server provider utilize. Selective traffic blocking, offline backups, and smart detection algorithms should all be on the list. Thousands of DDoS attacks happen every day, so your provider should have algorithms in place to recognize when attacks do happen.
- Backup your data regularly. This ensures that if a DDoS attack disabled your website you can restore the data without paying a ransom.
- Encrypt data on the site, so that if you are attacked, any data stolen during the attack will be safer.
- Ask your IT team to set up a script to alert you of large jumps in traffic.
- Ask your IT team to ensure that you can block traffic from specific networks and IP addresses on-demand. Some attacks use a single IP, others use thousands through a botnet of computers.
- Ask your IT team to ensure that your firewalls and other security measures will remain in place in case of an attack.
A DDoS attack can incapacitate your website and server, and there is likely nothing you can do to stop it. However, you can take mitigating measures, ensure that your data is safe even if an attack happens, and work to create an early warning system so that you can take steps to block offending IPs and networks where possible.
If you want to learn more about how a Denial of Service attack could impact your business, a Threat Sketch risk analysis will help you to determine your cyber security risks so that you can take the steps to protect your business.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.