⭕ What is a DDoS attack?
Distributed Denial of Service attacks are malicious attempts to disrupt the normal internet traffic on an organisation’s server or network. These attacks overwhelm the target with a sudden flood of additional traffic, which causes the server or network to crash.
⭕ What does a server / network crash actually mean?
A crash means that legitimate traffic, such as visitors to the organisation’s website or employees trying to access the network, cannot get through. As such, organisations cannot operate until the attack has been identified and dealt with.
⭕ What is the long-term harm of a DDoS attack?
In the short term, employees and customers cannot engage with the organisation in the way they are supposed to. This means lost productivity, an impact on customer service, and lost business. Longer term, it can mean reputational damage that can harm the organisation for years to come.
⭕ What are the signs of a DDoS attack?
Suspicious amounts of traffic originating from a single IP address or range. An increase in traffic from users who share a behavioural profile such as device type, geolocation, or web browser version. An unexplained surge in requests to a single page or endpoint.
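These signs can be checked against a web server access log. The following is an added example, not part of the original page: it reports any source IP, source range, endpoint or browser profile responsible for a large share of requests in a window. The 50% threshold, the /24 and /64 range sizes, the function names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Combined Log Format: client IP, request line, status, size, referrer, user agent.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def source_range(ip):
    """Map an address to its /24 (IPv4) or /64 (IPv6) range (assumed range sizes)."""
    prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def parse(lines):
    """Yield (ip, range, path, user_agent); skip lines that do not parse."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, agent = m.groups()
        try:
            rng = source_range(ip)
        except ValueError:  # client field is a hostname, not an IP address
            continue
        yield ip, rng, target.split("?")[0], agent  # drop query string from the path

def ddos_signs(lines, threshold=0.5):
    """Return, per dimension, the values behind at least `threshold` of all requests."""
    rows = list(parse(lines))
    names = ("source_ip", "source_range", "endpoint", "client_profile")
    signs = {}
    for i, name in enumerate(names):
        counts = Counter(row[i] for row in rows)
        signs[name] = sorted(k for k, n in counts.items() if n / len(rows) >= threshold)
    return signs

def sample_log():
    """Constructed sample: 3 ordinary visitors plus 12 requests from one /24 range."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'
    rows = [("198.51.100.7", "/", "Firefox/121.0"), ("192.0.2.44", "/about", "Safari/17.2"),
            ("198.51.100.9", "/contact", "Edge/120.0")]
    rows += [(f"203.0.113.{10 + i}", f"/login?attempt={i}", "Chrome/100.0") for i in range(12)]
    lines = [fmt.format(ip=ip, s=s, path=p, ua=ua) for s, (ip, p, ua) in enumerate(rows)]
    return lines + ["malformed line"]

if __name__ == "__main__":
    for sign, values in ddos_signs(sample_log()).items():
        print(f"{sign}: {values or 'nothing above threshold'}")
```

In the sample no single address stands out, but the shared range, endpoint and browser version do, which is why all three signs are worth checking together.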
⭕ What can be done in the event of an attack?
Contact the web hosting provider and ask them to block all incoming protocol requests. This will relieve demand on the server and provide time to deal with the attack.
⭕ This all feels very technical, is it just a concern for IT?
No. Staff should be trained on strong security practices as a first line of defence to help keep networks protected. Staff should know how to create strong passwords, identify the signs of a phishing attack, and understand the cyber security threats that they can help defend against.
They can also be trained to spot the warning signs of a DDoS attack. These include network slowdown, intermittent connectivity and website crashes. These signs could relate to something else, but they should be reported to management just in case.
The Senior Leadership Team should have an incident response plan in place. The plan should detail how operations will be sustained during a DDoS attack, outlining how to handle the attack, which stakeholders will need notifying, and how to ensure communication with the rest of the organisation continues.
⭕ What can IT providers do?
Make sure that systems are updated regularly, and that the infrastructure has multi-level DDoS prevention solutions, such as firewalls, VPNs and content filtering.
⭕ Where to start?
We provide fully-funded staff training to organisations at no cost to the end user. This ranges from awareness presentations through to crisis simulations and mock phishing.
The Cyber Resilience Centre for Wales are able to provide vulnerability assessments and incident response plan development support.
Police CyberAlarm is a fully-funded tool that can be used to monitor external traffic attempting to get through an organisation’s firewall. Police CyberAlarm can spot the early signs of a DDoS attack and alert us, and we in turn can support the organisation to help mitigate the attack before it develops.