What is a DDoS Attack? How to Protect Your Business's Website

Tom Grange
By Tom Grange, Director of Connectivity

Cyber security should be a priority for all business owners, as there’s a good chance your business will be targeted at some point. The latest government figures show that well over a third (39%) of businesses identified a cyber attack in the last 12 months.

If you think your business isn’t big enough or high-profile enough to attract hackers, think again - small businesses are collectively hit by around 10,000 cyber-attacks every day, according to the findings of a study from the Federation of Small Business.

And there are loads of ways that hackers can target your business, including a DDoS attack, which we’re going to look at in a bit more detail in this guide.

30-second summary

  • DDoS attacks are targeted attempts to shut down website infrastructure. An attack works by deliberately overworking web servers, networks or sites until they freeze or shut down completely. 
  • The identity of an attacker can be difficult to pinpoint but could be unhappy customers, employees or hackers who are just doing it for fun.
  • Cyber attacks such as DDos can cause all sorts of business problems such as loss of profits, leaked data, angry customers and broken internet security systems that need fixing.
  • Businesses can identify DDos attacks by looking for the following signs: suspicious volumes of traffic coming from a single source, 503 error pages, a slow site or timed-out ping requests.
  • Prevent a DDos from happening to your business by checking for vulnerabilities in your system, upgrading your router and broadband, blackhole routing and setting up system alarms.

What is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a targeted attempt to shut down a network, server, or online service by flooding it with too many requests for it to handle. A successful attack will shut down any websites on that network or server.

What is the purpose of a DDoS attack?

A DDoS attack is designed to increase traffic to a server or website to such a degree that it slows it down so much it becomes unusable or shuts down completely. But why would anyone want to do this? 

It’s impossible to say what would motivate an attack on your website, but reasons can include revenge by disgruntled customers or employees, dirty tactics from a competitor, or a hacker simply doing it as a bit of fun.

It could be that the attacks are part of an automated network. To increase the volume of attacks they can carry out, hackers will use bots (pieces of code generated to perform repetitive tasks) and ‘zombie’ machines they’ve taken over by using Trojan horses or other types of malware.

How does a DDoS attack work?

A DDoS attack works by directing so much traffic to a website or server that it becomes unusable or shuts down completely. 

Think about when a ticketing website goes down because a certain event creates more traffic than it can deal with – hackers replicate this for a DDoS attack, by using a network of computers to send requests and max out the capacity of the target host. This causes a denial of service error which blocks normal traffic to the host.

If you have a static IP address, then this could mean your business is more susceptible to a DDoS attack and you’ll need to make sure your digital security is as robust as possible. This is because IP addresses that don’t change are easier to find and track.

What are the dangers of DDoS attacks for businesses?

As with any type of cyber attack, there are several ways that being a target can affect your business, including reputational damage and loss of income. Here are some of the most common dangers of DDoS attacks.

Cost of restoration and recovery

If you become a victim of a DDoS attack, your website will be severely slowed down and could be knocked out completely until you manage to restore services. Once the attack has stopped, you’ll need to get unblocked by your internet service provider (ISP) and re-establish border gateway protocols (BGP) - this is the system that chooses the most efficient routes for data to get to and from your website.

You’ll also need to check and restart all firewalls (this protects your network from unauthorised access) and make sure all applications have been recovered so all customers can access them again. This could cause its own DDoS-like issues if everyone tries to access your website at the same time. 

The cost of restoration and recovery could keep IT staff busy and cost a fair bit of money.

Cost of being offline 

Whether you run a café with an online booking system, or your business depends entirely upon your e-commerce site, being offline will see you lose money. As DDoS attacks become more sophisticated (as all cyber attacks inevitably do), they take longer to resolve. And more time offline means more money lost. You could even lose customers to your competitors.

Data breaches

DDoS attacks can be used as a distraction while hackers go about stealing data from your business. A DDoS attack is easy to identify as your network goes down, and cybercriminals can then launch further attacks to get at your data while you’re concentrating on getting things back up and running. Figures from Statista show that the average cost of a data breach in 2022 was £1,200. These costs usually increase in line with the size of the business that’s been attacked, and you also need to consider the reputational damage and the impact of a GDPR breach.

Dissatisfied customers

If your website is down for any length of time, this could be great news for any competitors that can scoop up your dissatisfied customers. But things could get even worse if those customers also hold you responsible for any associated data breaches and file a liability suit against you.

How businesses can identify DDoS attacks

Cyber attacks usually come without any warning, but there are plenty of warning signs where DDoS attacks are concerned. Keep an eye out for one or all of the following:

  • Suspicious volumes of traffic coming from a single IP address - This can indicate that hackers are using bots and zombie devices to flood your site from one location. Lots of traffic from users that share the same device type, location, or web browser, and random traffic patterns that appear unnatural can also be a sign of a DDoS attack.
  • Your website is running slowly or showing a 503 -error page – DDoS attacks are designed to bring your network to a grinding halt, so your website slowing down could be the first sign of an attack. If you get a 503 error when trying to access your site, this is because the server is not ready to handle the request and indicates it’s being overloaded.
  • Ping request TTL timing out – This means your server isn’t able to respond to requests within a certain timeframe and is another sign that it’s being overloaded with requests.

How to prevent a DDos attack

Unfortunately, stopping a DDoS attack takes a lot more work than simply blocking traffic from a single IP address.  If the hackers are using multiple or dynamic IP addresses, they can still take your business offline.

The best way to prevent a DDoS attack is to work out your weaknesses and invest in your cyber security. Here are some things to consider:

Understand your weaknesses

If your server is capable of handling thousands of requests at once, it will likely be in better shape to resist a DDoS attack than if it was on a server that could only handle hundreds of requests at once. Likewise, if your website is on a dynamic IP address, it will be less vulnerable to a DDoS attack than a website on a static IP. Check for any weaknesses in your systems and make changes where necessary.

Upgrade your router and broadband plan

If you're getting by with a bog-standard router, you might be more susceptible to a DDoS attack. A business-grade router can offer extra bandwidth that can make a DDoS attack more difficult, or at least buy you some more time before your systems crash. 

The same goes for your broadband deal, as greater bandwidth means your network will be able to better handle multiple requests. Business broadband deals also come with priority customer service and business-specific service-level agreements.

Find out more about how to switch business broadband with Bionic

Blackhole routing

Blackhole routing is a way to send malicious traffic down a dead end, so it doesn’t affect your network. This acts as a type of firewall, as you can set up a blackhole route to discard requests from certain IPs, keeping the lanes to your website free.

This is a pretty techy solution, but one that a cyber security expert should be able to help you with.

Set up system alerts for suspected attacks

Even if you know what to look for, it can still be hard to detect at DDoS attack. It could help to get your system administrator or whoever looks after your tech to set up email alerts to notify you of suspicious activity. You can learn more in our guide to internet security.

Internet security can be confusing at the best of times, but it’s important to make sure you have all of the right tech and processes in place to protect your business.

Sort your business broadband with Bionic

There are many reasons to switch to a business broadband package with Bionic. We work with a panel of trusted suppliers to help you get the right speeds at the right price. Our providers also offer priority customer service, more reliable download speeds and better upload speeds, enhanced security, and access to additional services including VoIP.

Our tech-enabled team can also help with a range of other business essentials, including energy, insurance, and finance. Give us a call now on 0808 253 7117.