Tech and Trends:- Now that owning or operating a website is such a mainstream thing, we’re pleased to report that the average web-using person actually knows a fair bit about DDoS attacks. The only problem is that a lot of what people know about DDoS attacks is wrong. So overall, we’ve still got a bit of an uphill battle ahead of us.
For the most part, it can be hard to fully understand DDoS attacks. If you’re not a perpetrator and you have a hard time thinking like one, it can be difficult to understand the purpose behind them. And even if you’re a website owner invested in your site’s security, it can be onerous to understand the risks and what you need to do in terms of DDoS attack prevention, especially with so much misinformation floating around out there.
We’re going to get to some of the myths that absolutely have to be dispelled when it comes to DDoS attacks. But before we can do that, we need to lay out a couple of important DDoS attack facts.
What is a DDoS attack?
A DDoS attack is a Distributed Denial of Service attack. To put it as plainly as possible, the purpose of a DDoS attack is to deny an internet service – be it the use of a website, a network, or machine – to its legitimate users. This is typically done in two ways: either by crashing the service entirely, or by flooding it with so much traffic that its resources are consumed, leaving little or none for legitimate users.
How common are DDoS attacks?
Too common. DDoS attacks are usually executed via malware or bots. Recent research by DDoS protection company, Incapsula, showed that in the last 12 months, the number of DDoS bot visitors on websites has increased by 240%. Another research, by the same firm research also demonstrated that in 2013, 61.5% of all website traffic came from bots, up from 51% in 2012. So if you thought the traffic numbers for your History of the Banjo website seemed a little high, well, at least 38.5% of those hits came from humans. Strange, strange humans.
Dangerous DDoS myth #1: I’m not a target
Do you make money from your website? Take payments? Collect data? Do you have competitors of any kind? If you answered either “yes” or “I hope to soon” to either of those questions, you’re at risk of a DDoS attack.
The more successful your website gets, the bigger the risk you face. You probably don’t need to worry about DDoS attacks to the extent that the FBI or Department of Justice does, but you should at least have a plan in place in the event that you’re ever targeted. Which brings us to our next myth.
Dangerous DDoS myth #2: My firewall or ISP will protect me
We’ll start with the firewall. Hackers love firewalls because they’re relatively easy to overwhelm. While your firewall will protect you from a SYN flood, one type of DDoS attack, it can’t prevent an HTTP flood or DDoS attacks at the application level.
As far as your internet service or hosting provider goes, if you saw someone running at you, preparing to swing a baseball bat at your head, would you lift your own arms to shield the blow, or would you assume a police officer was going to step in front of you? Just because it seems like it should be your ISP’s responsibility to protect you doesn’t mean it will be able to. The chances an ISP will be able to distinguish a DDoS attack from regular traffic patterns in real-time are nil.
Dangerous DDoS myth #3: DDoS protection is out of my budget
We’ll be upfront with you and say that hardware-based DDoS protection is probably out of your budget, unless you happen to be a successful corporation, in which case, congratulations. But for the average website or small business owner, there’s a wide range of DDoS protection or mitigation services available, including cloud-based DDoS protection. Because it’s cloud-based, you won’t have to pay for any setup or overhead, eliminating the bulk of the cost.
Dangerous DDoS myth #4: DDoS attacks are annoying, but leave no lasting damage
In order to believe that DDoS attacks won’t do any lasting damage to your web presence, you’d have to be a real optimist. You would have to be able to look at an empty glass and tell yourself it’s half full. Not only do DDoS attacks disrupt your user or customer experience, undermining their confidence in you, but they cause a loss of revenue while your service is unavailable, can tank your SEO ranking, and in some cases hackers will even demand a ransom in order to stop the attacks.
DDoS attacks will only continue to become more common and more sophisticated. All you can do is stay one step ahead by staying informed and protecting your investments.