How to protect your business
A distributed denial-of-service (DDoS) attack tries to stop your online tools and websites from working by overloading them.
Here's how to prepare your business to ensure you'll be able to weather the storm.
Understand your business's critical assets and services
Start by identifying any systems and services you use that are exposed to the internet and the potential vulnerabilities they have. Create a list of all the external-facing assets your business uses that could be exposed to an attack, and rank them by how critical they are to running your business.
For example:
- customer-accessible websites or services
- staff-dependent websites or services (like web mail or VPN systems)
- supporting infrastructure services (for example, Domain Name System)
- network equipment that sits at the public edge of your networks (like firewalls and gateways), or
- any systems you host on third-party networks, including anything in the cloud.
Identifying your critical assets is the first part of developing a business continuity plan. In the event of an attack, the plan tells you what needs to be back up and running, and in what order of priority.
Talk to your managed service provider (MSP) or IT provider
If you have an MSP or IT provider, find out:
- if their service includes DDoS protection, and
- what's included in that protection.
DDoS protection may be included in your existing package, or it may be an optional add-on.
If you don’t have an MSP
If you look after your online services yourself, consider getting DDoS protection through an outside provider.
It’s unlikely you will be able to put all the mitigations in place in-house to stop a DDoS attack. Many MSPs offer basic DDoS protection packages that can be tailored to suit your business.
Consider specialist anti-DDoS protection
Specialist anti-DDoS protection services will be able to provide more robust protection, as well as extra protection against larger, more advanced attacks. Anti-DDoS services have the skills to:
- monitor network traffic
- confirm an attack
- identify the source, and
- mitigate the situation.
A specialist anti-DDoS service provider will also offer rapid incident response, expert technical advice (including 24/7 support in most cases) and shared attack analytics, helping you understand how future attacks can be stopped.
Choose the right type of DDoS protection
There are two main forms of protection: always-on and on-demand.
Always-on protection
The provider maintains continuous protection. This means you should be guaranteed that if your service is hit by a DDoS attack, at any time, day or night, your applications and website would be protected. This service is the most expensive.
On-demand protection
The more cost-effective option. Protection is switched on only when you notify your provider that you're experiencing an attack. Once the attack has been resolved, protection is turned off again.
The drawback of this approach is that protection is only activated once you raise an issue with your provider – and it may take time for them to implement the protection. There is also no guarantee that the attacker won’t come back to target you again when your guard is down.
Get help
When you detect abnormal activity that you think may be a DDoS attack, contact your MSP or web administrator immediately. They should be able to diagnose what type of attack you’re experiencing, and work with you to mitigate it.
They may:
- block traffic from a particular country or type of device (for example, WebAgent), or
- block all access until the attack has calmed down.
External services will likely stay down, but internal ones may keep going.
While you are working through the attack, you'll need to:
- work closely and keep in regular contact with your service provider
- notify your staff or employees of the impact or outage to services, and keep them up-to-date on what is happening
- tell your customers or clients what is happening. Chances are if your website or front-facing systems are down, it won’t be long before people become aware – it’s good to be proactive about letting them know there's an issue and you’re working on getting it back up and running
- redirect traffic to a backup static webpage, if possible.
Report a DDoS attack to CERT NZ
CERT NZ can help you through the attack and provide information and guidance on where you can get help to mitigate it. It’s important to provide your contact details so we can reach out to offer help.
All reports to CERT NZ are treated as confidential.