How much would you charge if someone offered you cash to shut down your business for a single hour in the working day? That would mean no answering phones or emails, no selling products to customers or letting them browse what you have to sell, and absolutely no providing support or services to people who have already paid you money.
You might start by calculating the hourly wages that you pay employees and the lost revenue that you would have stood to make in that time, then adding a little bit extra to account for your troubles. But this might not be enough: Consider, for example, the annoyance it might cause to new prospective customers if you’re not open when they want. Or, if you’re a company that does business online, the impact that it could have on customers who need you to be open to access particular goods they’ve already paid for.
Now think about what would happen if this closure wasn’t for one hour, but for several — or even, potentially, days, weeks, or months at a time. And if it wasn’t your choice to close.
This, in essence, is the threat posed by Distributed Denial of Service (DDoS) attacks. These malicious attacks are intended to overwhelm websites or online services by bombarding them with more fraudulent traffic than the servers are able to cope with. The cost of such attacks can be anywhere between tens of thousands and more than a million dollars per hour — and that doesn’t necessarily include the long-term negative impacts.
A brief history of DDoS attacks
DDoS attacks date back to the 1990s, with instances like a 1996 attack on Panix, an internet service provider (ISP) in New York. Bombarded with massive amounts of fraudulent packets from a spoofed IP address, the attack knocked out Panix for approximately 36 hours.
Taking down a major ISP for more than a day is a pretty major incident when it comes to cyberattacks. But DDoS attacks have only become more disruptive and dangerous in the quarter-century that’s elapsed since the Panix attack. Not only is the world more reliant on connected infrastructure today than it was in 1996, but the size, duration, and quantity of these attacks has greatly increased.
For example, in 2020 Google disclosed an attack launched against thousands of its IP addresses which lasted for six months and, at its height, was assaulting Google with a mind-bogglingly large 2.5 Tbps of fraudulent traffic. Attacks are increasingly commonplace, as well. Between 2014 and 2017, the number of DDoS attacks increased an estimated 2.5x. In 2020, the total number of DDoS attacks reportedly hit 17 million.
Explanations for the increasing attacks
There are multiple explanations for this increase. One, as noted, is the increasing reliance on connected infrastructure, which allows cyber attackers to inflict more damage with attacks than has ever been possible in the past. With more people than ever reliant on connected services, whether cloud-based apps for entertainment or tools for remote working in the time of the coronavirus pandemic, a well-placed DDoS attack can negatively impact far greater numbers of people than ever before.
Another factor is the lowered barrier to entry, courtesy of phenomena such as DDoS-for-hire services, which allow would-be attackers to rent a botnet to carry out a DDoS attack for just a few dollars a time.
One other key factor is the rise of the Internet of Things (IoT) and its associated connected devices. These can be infected by malware and used to amplify the effect of DDoS attacks, allowing attacks of unparalleled size to be leveled at victims, while simultaneously hiding the identity of the attacker.
Protecting against DDoS attacks
It’s therefore no surprise to hear that protecting against DDoS is critical to enterprise cybersecurity solutions. Fortunately, the tools to help are available. DDoS protection measures allow businesses and other organizations to detect malicious traffic and to block it, while continuing to allow legitimate requests through. These tools can also help to absorb large-scale DDoS attacks without faltering, thereby protecting services from being brought down by malicious attacks.
With DDoS attacks only getting more frequent and damaging with time, it’s essential that business decision-makers take the right steps to protect themselves and, by extension, their employees. The impact of DDoS attacks can be significant and, in some cases, doesn’t just risk bringing down a website or service temporarily; it could also have an extremely detrimental effect on a business that will last considerably longer.
Guaranteeing that you are properly protected and able to block large-scale, modern attacks is a game-changer. Make sure you take advantage of the tools at your disposal. It’s a decision that you’re extremely unlikely to ever regret.