Canadian businesses face a growing cyberthreat: distributed denial-of-service (DDoS) attacks. Here’s what you need to know.
The cost of cybercrime is expected to skyrocket to $6-trillion globally within the next three years, according to a recent security report. But while high-profile ransomware and hacking cases have many businesses concerned about internet security, there’s another type of attack that’s on the rise–and too many businesses underestimate the risk.
Distributed denial-of-service (DDoS) attacks are characterized by massive volumes of illegitimate traffic that flood your network, bringing your websites, apps, servers and other online properties to a standstill. DDoS attacks can happen to businesses of any size at any time, and in 2017, the number of attacks and attempted attacks experienced by organizations around the world skyrocketed. Data from the first quarter of 2018 showed an even further increase in the number and duration of DDoS attacks.
"DDoS attacks skyrocketed in 2017, and increased again in the first quarter of 2018."
Here’s what you need to know to protect your business.
How do DDoS attacks work?
The most common type of DDoS attack, a volumetric attack, works by sending large volumes of traffic to your network infrastructure, flooding bandwidth and rendering your online properties inaccessible to customers and employees. The traffic typically comes from “zombie devices”: regular computers, phones, IoT sensors and other devices infected with malware.
There are two other types of DDoS attacks – application layer attacks, which target specific apps such as a site’s email or search functionality, and state-exhaustion attacks, which overwhelm web server, firewall and load balancer connections. But these types are rare compared to volumetric attacks.
What are the consequences of a DDoS attack?
When an organization’s network goes down, the consequences can be devastating and include lost sales and business opportunities as well as reputational damage that can be difficult to overcome. There are also major costs associated with fighting an attack and restoring service. Globally, the cost of a DDoS attack averaged more than $2-million per attack for enterprise-level businesses in 2017—a number more than half a million dollars higher than the year prior.
The increasing duration of DDoS attacks undoubtedly contributes to these astounding numbers – the longest attack recorded in Q1 2018 lasted 297 hours, or more than 12 days. Imagine the cost to your business of being down for that long.
How can I protect my business against this threat?
Given the data on DDoS attacks, it’s clearly more important than ever for businesses to ensure that both their own networks and their cloud providers are protected. What can businesses do to mitigate the risk? Though the less common application layer and state-exhaustion attacks can be fought off by on-premises devices, like firewalls and other appliances specifically designed for such attacks, these measures are no match for volumetric attacks.
Volumetric DDoS protection solutions provide an additional security layer that exists between the internet and your network. They work by spotting and eliminating illegitimate traffic before it can reach your network and inflict harm. Not all DDoS protection is equal, so it’s important to ask a provider about response times and the number of traffic scrubbing centres they leverage. More scrubbing centres means quicker, more efficient scrubbing.
With companies facing more and longer DDoS attacks than ever before, it’s vital that Canadian organizations take steps to protect themselves as soon as possible.