Don’t let a DDoS attack derail your business

DDoS attacks disrupt network resources, services 

A DoS attack occurs when an attacker floods a server with a higher volume of network requests than it can handle, causing the server to shut down or fail. A distributed denial-of-service (DDoS, pronounced “dee-doss”) attack is a DoS attack in which malicious traffic originates from many different global sources and systems, making it harder to pinpoint and stop.

DDoS attacks can overwhelm even the most sophisticated systems, resulting in service disruptions that take significant time and resources to resolve and can cause significant financial losses for the affected business. These attacks are also almost impossible to predict and extremely difficult to prevent.

What kinds of businesses are potential targets?

Hackers and other malicious actors launch DDoS attacks for a variety of reasons. Some use a DDoS attack as a diversion or distraction to tie up IT and security resources, deflecting attention while they attempt to steal financial data or personal identifiable information to commit identity theft and other forms of fraud. In other cases, a “hacktivist” with social or political motives will target an organization in retaliation for perceived wrongdoing, hoping to create chaos that disrupts operations or damages the target’s reputation. Any business with an online presence is a potential target, but technology companies, banks and other financial institutions, government entities and educational institutions are among the most common targets for DDoS attacks.

What does an in-progress DDoS attack look like?

During a DDoS attack, cybercriminals will attempt to disguise fake traffic as coming from legitimate users—which can make it hard for a company to detect before damage has been done. Signs of a DDoS attack include:

• a high volume of traffic coming from sources with similar characteristics (like the same type of device, browser or IP address)
• a massive, sudden increase in traffic directed at an individual server or endpoint
• a server crashing repeatedly for no obvious reason
• a website taking too long to respond to requests

Your firewall or other network security tools may also alert you to the presence of unusual network traffic that could be associated with a DDoS attack. If your business is the target of a DDoS attack, your network security tools may take corrective action automatically by filtering and redirecting suspicious traffic.¹ Once servers have crashed, it can take hours to restore operations fully, so it’s important to act quickly to minimize downtime.

Steps you can take to protect your business:

Companies may not be able to predict or prevent DDoS attacks, but they can prepare. Here are three steps businesses can take to help mitigate the impact of these incidents if or when they occur:

1. Invest in cybersecurity resources: Whether it comes from your in-house IT team or a third-party provider, make sure you have access to reputable and reliable cybersecurity support.
2. Consider signing up for DDoS protection services: A dedicated DDoS protection service can offer businesses more robust safeguards against DDoS attacks. These services can detect an attack in progress and reroute malicious traffic to mitigate the effects on your network and your business.²
3. Establish business resiliency and recovery plans: These plans are not limited to cybersecurity incidents, but should include measures to address them, such as back-up or fail-over servers that allow your business operations to continue in the event of a DDoS attack or other disruption.

Finally, if your business experiences a DDoS attack, it’s important to conduct a post-incident analysis. How did the attack happen? What did the business do to address it? What was the outcome? What steps can the organization take to prevent another incident? A DDoS attack is never a welcome occurrence, but moving forward with valuable lessons learned can be the silver lining in an otherwise unfortunate experience.

Learn more at key.com/cybersecurity.