Why brute force attacks like DDoS matter to everyone

“BBC says website knocked down due to apparent attack.”
– Chicago Tribune

“Cybercrime costs the average U.S. firm $15 million a year.”
– CNN Money

If you’re like most people, you see headlines like these, maybe glance at a few paragraphs, and then move on. The idea of a “hack” often has the connotations of big data breaches–fairly sophisticated attacks that won’t affect you and your website.

But there is a much less sophisticated attack that can be just as impactful and much more common–a DDoS attack. Distributed Denial of Service attacks are very cheap (there are websites that allow people to hire hackers to perform a DDoS attack on any site for as little as $40 an hour) but can have devastating effects on companies. Experts estimate that “the real-world cost of an unmitigated attack is $40,000 per hour” for businesses that are unprotected.

How can something that is such a big threat be so misunderstood — or even worse, simply ignored? To understand the threat, you have to understand the cause.

How it happens

DDoS attackers access your website the way a normal user would, only they do this thousands or millions of times over using a network of computers they control, commonly referred to as “bots” or a “bot network.” Accessing your site at such a large scale overwhelms the servers, and blocks your site from real users. This means potential clients could go to your site and get nothing but an error message. Pretty bad, right?

One North has partnered with an industry-leading DDoS protection service to allow an extra level of protection from DDoS attacks as an option on hosting agreements with our clients. This service directs users through a filter before passing them to your site, weeding out bot users and, therefore, mitigating the risk of a DDoS attack. This entire redirect is performed unbeknownst to end-users, so your clients will still have a seamless experience.

Threat detection and mitigation techniques, such as this service, are like insurance for your website. You have to ask yourself and your company as a whole – what are you willing to risk? If your company becomes the victim of a DDoS attack and is down for a whole week, what repercussions would your business face? How many news outlets would notice? Stopping these attacks before they happen is the surest way to mitigate risk.

Why haven’t I heard about this?

You have likely seen the effects of DDoS attacks in the news, but you might not realize it. Here a few very public examples of how these attacks can take down a business for hours or days at a time:

• December 31-January 1 – An anti-ISIS hacker group took down the BBC website for several hours. The group claimed to have used the BBC servers as a test for their capabilities. Whatever the motive, BBC.com was out of commission for several hours and lost all that potential traffic.
• Several dates in 2015 – Rutgers University took the brunt of six DDoS attacks in 2015. The longest outage resulting from these attacks was 5 days. During that time, no one could access the attacked Rutgers websites.
• January 13 – Hacker group Anonymous targeted Nissan as part of their series of attacks on Japanese government and business sites. Nissan was forced to take down two of its websites after this attack, likely to increase security. In the meantime, none of their customers are able to access that site.

Why would someone do this?

There are several reasons why a single hacker or group of hackers would attempt to take down one or more sites through a DDoS attack. In some cases, it might just be a bored hacker testing his/her capabilities. Other times, hacker groups target countries or companies based on their involvement in unsavory business. When the hacker group Anonymous went after Nissan, their goal was to put pressure on Japanese business and, in turn, the government to alter their policies on whale hunting.

Whether in the business of touchy subjects or just looking out for your and your clients’ information, it might be well worth your time, money and effort to include DDoS attack protection capabilities in your security plans for 2016.