There are few fates worse for an internet service than to be rendered inaccessible to customers or other users. That is the goal of cyber attackers waging a DDoS (Distributed Denial of Service) attack against a victim. A DDoS attack uses a number of compromised systems to bombard a target with junk traffic with the goal of overwhelming it and rendering it inaccessible to legitimate users. Imagine it like redirecting large numbers of vehicles down a single street or getting massive numbers of phone callers to repeatedly dial a business. At a certain point, both would cause the respective targets to be unable to handle genuine traffic.
DDoS attacks have been around for several decades. But during that time, the core idea has continued to evolve, resulting in different approaches to DDoS that utilize botnets consisting of IoT devices, encompass larger and longer-lasting attacks, and target not just websites, but also VPNs (Virtual Private Networks), VoIP (Voice over IP), and a wide range of other connected infrastructure. As a result, they’re more damaging than ever to those who are hit. For those without DDoS protection that works effectively, the consequences can be severe.
How DDoS can hurt you
It goes without saying that being hit with a DDoS attack is annoying, and probably frightening for victims. However, don’t think that the true costs amount simply to a fitful night or stressful couple of hours on the part of businesses. In fact, a DDoS attack can cause damage in all kinds of ways. Here are five:
#1. Operational losses
If a shop were unable to accommodate customers, it would lose their custom for those hours. Exactly the same is true for an online service during a DDoS attack. If customers or users can’t access a service, they will be unable to spend money. Moreover, investors or advertisers could withdraw their money from an online service that is not available for periods of time, since this also affects their ability to earn money from it. On top of this, companies may have to pay compensation to their customers, especially if it’s a premium service that they are left unable to access.
#2. Reputational damage
It’s relatively straightforward to calculate the amount of money lost in sales during a set period of outage, but how about the longer-lasting reputational damage a DDoS attack could lead to? This is tougher to calculate. Cyber attacks such as DDoS can generate negative publicity for businesses, which erodes customer confidence. It could mean customers being less willing to share personal data in the future, or cause them to be more likely to switch to a competitor. Rebuilding that confidence and reputation will take both time and money, but the effects could nonetheless linger.
#3. Legal costs
No, we’re not referring to suing attackers (although that would come with a pricey legal bill), but rather the risk of legal repercussions aimed at a DDoS target. Related to the earlier point about operational losses, investors or other third parties who rely on a DDoS target for revenue could sue for damages. While it might sound unfair to sue the victim of an attack for being targeted, they may have a valid case if they lost money because the company targeted had not used the optimal security measures to safeguard against attack.
#4. Losses resulting from recovery
It’s not all that helpful to shut the barn doors after the horse has bolted, but there may still be hefty costs involved with the aftermath of a DDoS attack, even if it’s been successful at knocking your service temporarily offline. For example, you may need to hire cyber security forensic experts to unpick the cause of the attack and the full impact that it had on your business. These costs may be considerable, and are likely to be far more than if you had simply taken the right steps up front.
#5. Other losses
You know how, in a heist movie, one member of the team may be given the job of staging a distraction to call attention away from the REAL crime? DDoS can be used in much the same way. While your business is reeling from an in-progress DDoS attack, hackers could be carrying out a simultaneous, but less obvious, attack — such as exfiltrating user data or installing malware.
Adding all of this up to find the total cost associated with a DDoS attack is tricky. There’s no one-size-fits-all answer that will cover every business. A local restaurant’s website being knocked offline will carry very different costs from Amazon, or a top-grossing game like Fortnite, being knocked offline for that same period of time. But, however you slice it, the costs are unlikely to be low. According to one recent report, the average cost of a DDoS attack in the United States is in the region of $218,000. Whether you’re a big business or a small startup, that’s a whole chunk of change!
Find the best tools to protect yourself
When it comes to DDoS protection, the best way to reduce costs is not to be the victim of a DDoS attack at all. For this reason, organizations should ensure that they invest in the best anti-DDoS measures. Tools like Web Application Firewalls (WAFs) can help by blocking bad traffic, while still continuing to allow filtered traffic from legitimate users through. Organizations can also seek out tools that are able to absorb DDoS attacks, so that websites and online services are not overwhelmed by attacks and rendered inaccessible as a result.
While these tools do require an investment, it’s a drop in the ocean next to the potential cost of a successful DDoS attack.