Protect your business
Kia pare i tō pakihi i ngā whakaeke DDoS

Protect your business against DDoS attacks

Distributed denial-of-service (DDoS) attacks can be complex – find out what’s vital to keep your business running in case of an attack, and how to choose the right protection.

Laptop showing a 503 'service unavailable' web page.

What is DDoS?

View transcript

[Audio/Visual]: As the screen opens, quiet music plays in the background. The music plays throughout the video. The screen opens displaying a person with her left side to camera, standing in front of bunches of bright flowers. They are watering them with their right hand. The background is blurred but there is a working station/desk and more flowers.

Narration starts immediately, as it does, the person moves about watering the bunches of flowers.

[Audio/Narration]: ‘Meet Marama, she’s a florist.’

[Visual]: Frame changes to a new scene with a person sitting on a dark green couch. They are looking down at a laptop in front of them which sits on a low coffee table. The couch has yellow accents with cushions and a throw rug. The room they are sitting in has grey carpet and the wall has colourful artwork. The coffee table has hexagon coasters sitting next to the laptop.

The person while looking at their laptop is waving their hands up in frustration and goes back to typing. They then pick up a cell phone, and the frame zooms in closer to a waist shot.

[Audio/Narration]: “She gets a call from one of her regular customers, Peter.’

‘Peter is trying to order flowers from Marama’s website, but the website won’t load, and is showing an error message - 503 Service Unavailable.”

[Visual]: As the call takes place, the frames swap back to the florist who is putting together a bunch of flowers at the service desk. The bunches she was watering in the opening scene are in the background, and more shelving with glass jars can also been seen. The florist is holding a phone in her left hand. As the call is taking place, the florist has a concerned / confused look on their face.

The scene changes back to a view of the caller’s laptop. Their hand is in frame, pushing buttons on the keyboard. The laptop screen has a 503 service unavailable error message. The scene pops back to the florist, and then back to the caller to illustrate the conversation on the phone. The last shot of the florist has her nodding her head as she is being told about what the issue might be.

[Audio/Narration]: “Marama is confused, and Peter suggests she might be being DDoSed, and working in cyber security, tells her more about it.”

[Visual]: A new scene with a person looking straight to camera appears. The person has the same authority and sounds the same as that who is narrating. They are standing at waist height in a teal long sleaved top with frilly details. They have a mic and red nail polish. The backdrop to this scene is a room with tables and chairs and green painted walls. There are inside plants scatter around and on the tables. As they are explaining what DDoS stands for, the screen displays words in white colouring “DDoS Distributed Denial of Service attack” to the top right-hand side of the screen.

[Audio]: “A DDoS stands for distributed denial-of-service attack, aimed at stopping online websites and tools from working, by overloading them.

Networks can only process a certain number of requests at once, so the attack works by flooding a website with false requests, blocking any genuine requests from getting through.”

[Visual]: The screen cuts to a bird’s eye view of a busy motorway showing overhead bridges and offramps. Lanes are blocked with a lot of cars going one way and freely running on the other. The screen pans out / camera gets higher showing more and more of the motorway as the audio continues.

[Audio/Narration]: “Think of it like intentionally causing traffic jams on a motorway and shutting down a city, by adding thousands of cars to the roads.”

[Visual]: Scene cuts back to the narrator talking direct to screen.

[Audio] “When this happens, your customers may not be able to access your website, order goods or services from you, pay you, or even contact you.

You can spot a DDoS attack in a few ways, like being unable to load your website…

[Visual]: narration continues, the scene pops back to the person on the couch looking frustrated and back to the laptop 503 error message view.

[Audio/Narration] “…your website being so slow that it’s unusable, your internet constantly disconnecting or timing-out, or 503 Service Unavailable Errors.”

[Visual]: Florist is back on screen

“So what do I do?” Marama asks Peter.

[Visual]: New shot showing screen mirroring of CERT NZ’s reporting tool. “Report an issue” is at the top of the page and the mouse moves through the reporting tool showing the steps required to take to report a DDoS incident. This includes drop down options to select the situation that best describes the issue the reporter is having. This example selects the following – (chosen options in italics):

I’d like to report something that happened [to me] [in the last week.]

I’ve had an issue with [a website.] I [think something is wrong with my website] because [there is an issue or an error on it.] [I don’t know what to do]. [The issue hasn’t been resolved.]

Along the bottom of the screen, a url link appears showing a direct link to the online reporting tool: cert.govt.nz/individuals/report-an-issue/

Once all options are selected, the following text appears at the bottom: It sounds like someone has gained access to your website without your knowledge.

[Audio/Narration] “Report the incident with CERT NZ, through their website. Provide everything you know, as well as your contact details, so CERT NZ can provide confidential advice to help you through the attack.

[Visual]: New scene of florist sitting at a desk with desktop computer in front of her. She has her left hand up to her mouth and her right hand is placed on the mouse. The scene flicks to a closer head shot of the florist, with the camera panning left to right from behind her screen. The florist’s eyes indicates they’re looking at the form filling in the drop down selections.

[Audio/Narration] “and assist you in talking to your managed service provider or website host for more help.

[Visual]: The last scene brings back the narrator looking and talking direct to screen scene. A phone number 0800 CERT NZ slides on to the screen in the bottom right corner.

[Audio] ‘Head to the report an issue page on CERT NZ’s website to report or you can also call CERT NZ on 0800 CERT NZ.

[Visual]: Closing slide appears with slightly louder backing track. The screen is blue with the CERT NZ logo at the top. Underneath the logo, there is white text ‘For more cyber security advice, go to cert.govt.nz.’ The Digital Boost logo is in the bottom left corner and the New Zealand Government logo is in the bottom right corner.

How to protect your business

A distributed denial-of-service (DDoS) attack tries to stop your online tools and websites from working by overloading them. 

Distributed denial-of-service (DDoS) attacks

Here's how to prepare your business to ensure you'll be able to weather the storm.

  • Understand your businesses critical assets and services

    Start by identifying any systems and services you use that are exposed to the internet and the potential vulnerabilities they have. Create a list of all the external-facing assets your business uses that could be exposed to an attack and list them by priority of how critical they are to running your business.

    For example:

    • customer-accessible websites or services
    • staff-dependent websites or services (like web mail or systems)
    • supporting (for example, Domain Name System)
    • equipment that sits at the public edge of your networks (like and ), or
    • any systems you host on networks, including anything in the .

    Identifying your critical assets is the first part of developing a business continuity plan. In the event of an attack the plan tells you what needs to be back up and running and in what order of priority.

  • Talk to your managed service provider or IT provider

    If you have a managed service provider (MSP)or IT provider, find out:

    • if their service includes DDoS protection, and
    • what's included in that protection.

    DDoS protection may be included in your existing package, or it may be an optional add-on.

    If you don’t have an MSP

    If you look after your online services yourself, consider getting DDoS protection through an outside provider.

    It’s unlikely you will be able to put all the mitigations in place in-house to stop a DDoS attack. Many MSPs offer basic DDoS protection packages that can be tailored to suit your business.

  • Consider specialist anti-DDoS protection

    Specialist anti-DDoS protection services will be able to provide more robust protection, as well as extra protection against larger, more advanced attacks. Anti-DDoS services have the skills to:

    • monitor traffic
    • confirm an attack
    • identify the source, and
    • mitigate the situation.

    A specialist anti-DDoS service provider will also offer rapid incident response, expert technical advice (including 24/7 support in most cases) and shared attack analytics, helping you understand how future attacks can be stopped.

  • Choose the right type of DDoS protection

    There are two main forms of protection: always-on and on-demand.

    Always-on protection

    The provider maintains continuous protection. This means you should be guaranteed that if your service is hit by a DDoS attack, at any time day or night, your applications and website would be protected. This service is the most expensive.

    On-demand protection

    The more cost-effective option. Protection is switched on only when you notify your provider that you're experiencing an attack. Once the attack has been resolved, protection is turned off again.

    The drawback of this approach is that protection is only activated once you raise an issue with your provider – and it may take time for them to implement the protection. There is also no guarantee that the attacker won’t come back to target you again when your guard is down.

Get help

When you detect abnormal activity that you think may be a DDoS attack, contact your MSP or web administrator immediately. They should be able to diagnose what type of attack you’re experiencing, and work with you to mitigate it.

They may:

  • block traffic from a particular country or type of device (for example, WebAgent), or 
  • block all access until the attack has calmed down. 

External services will likely stay down, but internal ones may keep going.

While you are working through the attack, you'll need to:

  • work closely and keep in regular contact with your service provider
  • notify your staff or employees of the impact or outage to services, and keep them up-to-date on what is happening 
  • tell your customers or clients what is happening. Chances are if your website or front-facing systems are down, it won’t be long before people become aware – it’s good to be proactive about letting them know there's an issue and you’re working on getting it back up and running
  • redirect traffic to a backup static webpage, if possible. 

Communicating in an online security incident

Report a DDoS attack to CERT NZ

CERT NZ can help you through the attack and provide information and guidance on where you can get help to mitigate it. It’s important to provide your contact details so we can reach out to offer help. 

All reports to CERT NZ are treated as confidential.

Get help now