How to deal with a (D)DoS attack – what to do if you are affected

Christmas is coming and business is booming. It’s gearing up to be the busiest day of the year for your organisation. Stock levels are high, orders are coming in through your e-commerce site every couple of minutes, your fulfilment team is flat out picking and packing, ready to dispatch orders in time for Christmas, and your customer service team is doing a fine job of handling customer enquiries.

You are experiencing record sales, are well ahead of forecast, and everything is looking good. But then – phut! – your website disappears and your orders dry up in an instant. Christmas is cancelled. You have just become the victim of a denial-of-service (DoS) attack.

As panic sets in, frantic questions pop into your head:

“What happened?”

“Why me?”

“How do I get back to business as usual, and fast?”

There are several types of denial-of-service (DoS) attack, but all have the same basic end: preventing legitimate users from using online services by overwhelming the services with traffic.

Some DoS attacks consume computational resources like bandwidth and memory, some disrupt network components, and some focus on a vulnerability in a system that, if exploited, will cause it to become unstable or unresponsive.

While a DoS attack uses a single Internet connection to flood your website server with packets, a distributed denial-of-service (DDoS) attack will attempt to make your online services unavailable by using multiple computers and Internet connections (IP addresses), often distributed globally in a botnet.

Both could lead to genuine web visitors not being able to access your website. Both spell disaster.
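To make the single-source versus distributed distinction concrete from the defender's side, the following added example (not part of the original article) labels each time window of request traffic by how concentrated its sources are. The function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def classify_windows(events, window=10, flood_threshold=100, single_source_share=0.8):
    """events: iterable of (epoch_seconds, source_ip). Returns {window_start: label}.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts - ts % window][ip] += 1      # count requests per source per window

    labels = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        if total < flood_threshold:
            labels[start] = "normal"
            continue
        top_ip, top_count = per_ip.most_common(1)[0]
        if top_count / total >= single_source_share:
            labels[start] = f"dos:{top_ip}"     # one address dominates the window
        else:
            labels[start] = f"ddos:{len(per_ip)}-sources"  # volume spread over many sources
    return labels

def constructed_events():
    """Constructed sample traffic using documentation address ranges (RFC 5737)."""
    events = []
    # Window 0-9: ordinary shopping traffic, 30 requests from 15 clients.
    events += [(i % 10, f"192.0.2.{i % 15 + 1}") for i in range(30)]
    # Window 10-19: 300 requests from one address plus 20 ordinary ones.
    events += [(10 + i % 10, "198.51.100.7") for i in range(300)]
    events += [(10 + i % 10, f"192.0.2.{i % 15 + 1}") for i in range(20)]
    # Window 20-29: 400 requests spread evenly over 200 addresses.
    events += [(20 + i % 10, f"203.0.113.{i % 200 + 1}") for i in range(400)]
    return events

if __name__ == "__main__":
    for start, label in classify_windows(constructed_events()).items():
        print(start, label)
```

A window labelled `dos` points at one address that can be rate-limited or blocked, while a `ddos` window has no single source to block, which is why it usually needs filtering upstream of the web server.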

Remediation is, frankly, complicated and is dependent on numerous factors too complicated to discuss here. Your best bet is to have a reputable technical services firm such as IT Governance on standby to advise you on your specific circumstances. Even then, it could take days for your website to be rescued, and the cost of lost business at this busy time of year, not to mention the reputational damage your organisation will suffer as a result of your inability to fulfil orders, could be the end of you.

For businesses, Christmas is clearly in view. The last thing you want is a catastrophe on your hands at this busy time of year. So what can you do now? Prevention is better than a cure, so how can you ensure your information security systems are robust enough to withstand (D)DoS attacks? And how do you know where a (D)DoS attack will strike?

Regular penetration testing will identify potential vulnerabilities in your infrastructure and web applications, and will provide recommendations to improve your network security, enabling you to ensure that your organisation can withstand attack.

IT Governance is a CREST-accredited penetration testing company, and can therefore provide trusted infrastructure, application and network tests that will show you exactly where your weak points lie, enabling you to take immediate action so that you can continue to comply with client requests, meet the requirements of the international standard for information security management, ISO 27001, and ensure that your organisation operates smoothly throughout the important festive period.

As a special offer, if you order our Combined Infrastructure and Web Application Penetration Testing service in November, we’ll throw in an email phishing campaign to test your staff awareness absolutely free.
