Back in the days before everything was online, it was relatively difficult to be denied a service you were seeking. Trying to patronize a business during non-business hours was one way, as was violating the no-shirt-no-shoes rule, but beyond that it was almost impossible to not access whatever service you needed.
Fast forward to this age of online convenience when it’s easier than ever to access almost anything…except for when it’s not. Thanks to the prevalence of a certain type of cyberattack, it’s pretty common for internet users to find themselves denied service, and website and business owners are suffering because of it.
Denial of Service definition
A denial of service or DoS attack is one that renders a website or online service unavailable to the users trying to access it. This type of attack generally consists of one attacker taking aim at one website or one service using one internet-connected device armed with a homemade script or attack tool that either floods the target’s underlying server infrastructure with malicious requests or exploits a vulnerability. When a DoS attack is successful, the target website is either so slow to respond to legitimate requests from users that it can’t be used, or it’s pushed offline altogether. Without the proper protection in place, a website can end up offline for days under an effective DoS assault.
While denial of service attacks don’t actually breach a website’s security or result in data theft (unless the DoS attack is used as a smokescreen for an intrusion, which can happen) the consequences are no less devastating or long-lasting than they are for more intrusive attacks. Not only do ecommerce sites lose out on sales that would have otherwise been made if the site were accessible, and not only do other sites lose out on traffic and conversions that would have otherwise taken place, but the frustration felt by users easily translates to a loss of loyalty or trust and can cause users to abandon a website or business for one of its many competitors.
Similar…but not quite the same
In the news a lot lately is a type of cyberattack that sounds a lot like DoS but isn’t quite the same. DDoS or distributed denial of service attacks have been grabbing headlines for the last few years, and while the two attack types are quite similar because at their core their purpose is to deny the services of a website or other online resource to its users, they differ in strategy.
While a DoS attack can be accomplished by one attacker using one computer, a DDoS attack requires the use of a botnet – a collection of internet-connected devices that have been taken over by malware that allows an attacker to control them remotely. Botnets are used to overwhelm the target website with the huge amount of malicious traffic that can be generated by so many devices. The end result of both attack types, if successful, is the same: a website that can’t be accessed by users.
According to the Ponemon Institute’s Cost of Denial of Service Attacks study, outages with DoS attacks as the root cause have grown from 2% in 2010 to 22% in 2016. Further, denial of service attacks are the most common form of attack on data centers, and given how much of an organization’s critical IT infrastructure is stored in a data center, an attack can be a major disruption to business processes.
The costs associated with a DoS attack are varied. Of the 270 organizations included in Ponemon’s study, the lowest cost associated with DoS recovery was $14,000 while the highest was a staggering $2.35 million. From 2010 to 2016 the average cost associated with a successful DoS attack has risen from $187,000 to $255,000.
Instead of paying out that $255,000 or suffering the potentially crippling reputation damage of a DoS attack, businesses and websites of all types and sizes would be better served taking a proactive approach to DoS prevention.
Bigger websites and businesses, especially those in highly competitive industries like online gaming, need to monitor social media and platforms like Reddit for chatter about impending attack attempts on them. Websites and businesses of all sizes need to formulate an attack response plan, which includes what IT staff members should be doing to minimize the effects of an attack and what customer service and communications employees should be doing to facilitate communication with users and with other employees. Monitoring traffic for abnormalities and suspicious patterns is also wise, as is investing in professional protection against denial of service attacks. These professional, managed services are best suited to the job of inspecting traffic and keeping attacks from ever reaching their targets.
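One way to do the traffic monitoring mentioned above, as an added example that is not from the original article: it buckets web server access-log lines by minute, flags minutes far above the median request rate, and labels each spike as single-source (DoS-like) or distributed (DDoS-like). The function names, the thresholds and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client IP, two ignored fields, then [timestamp].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def parse(line):
    """Return (client_ip, minute_bucket), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts.replace(second=0)

def find_floods(lines, spike_factor=5.0, single_source_share=0.8):
    """Flag minutes above spike_factor x the median minute (hypothetical
    thresholds) and label them by how concentrated the traffic is."""
    per_minute = defaultdict(Counter)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ip, minute = parsed
            per_minute[minute][ip] += 1
    if not per_minute:
        return []
    baseline = median(sum(c.values()) for c in per_minute.values())
    findings = []
    for minute in sorted(per_minute):
        counts = per_minute[minute]
        total = sum(counts.values())
        if total <= spike_factor * baseline:
            continue
        top_ip, top_hits = counts.most_common(1)[0]
        kind = "single-source" if top_hits / total >= single_source_share else "distributed"
        findings.append((minute.strftime("%H:%M"), total, kind, top_ip))
    return findings

def sample_log():
    """Constructed data: 5 quiet minutes, then a one-client and a many-client spike."""
    def row(ip, hh_mm, sec):
        return f'{ip} - - [10/Oct/2016:{hh_mm}:{sec:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [row(f"192.0.2.{i}", f"12:0{m}", i) for m in range(5) for i in range(1, 5)]
    lines += [row("198.51.100.7", "12:05", s % 60) for s in range(100)]       # one client
    lines += [row(f"203.0.113.{i}", "12:06", i % 60) for i in range(1, 101)]  # 100 clients
    return lines + ["constructed garbage line that does not parse"]
```

The median baseline only holds while quiet minutes outnumber attack minutes in the log being analyzed; a long-running flood needs a baseline taken from an earlier, known-normal period.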
With the right preventative measures and a little help from the pros, it’s entirely possible for websites and businesses to bring customers back to those sweet, simple times when any service anyone needed could be easily accessed. With DoS attacks out of the picture it could be just like the good ol’ days, only better because no one has to leave their house. No shirt, no shoes, no problem.