Protect your business from DDoS attacks

A distributed denial-of-service (DDoS) attack is aimed at stopping your online tools and websites from working by overloading them. You and your customers may not be able to access your website, order goods or services from you, pay you, or contact you online or by email.

For more information on what a DDoS looks like and how to mitigate if you’re caught in one, see our attack guidance page.

Distributed denial-of-service (DDoS) attack

ddos diagram

Preparing for a DDoS attack

Being prepared for a DDoS attack is important to ensure your business will be able to weather the storm and come out relatively unscathed.

DDoS attacks can be complex with lots of moving parts, however, we’re here to help you understand what’s vital to keep your business running in case of an attack and help you choose the right protection for your business.

Understand your businesses critical assets and services.

Being able to work with a DDoS service provider and choose the right protection for your business, means you need to understand your business’s technical environment.

Start by identifying the services you have exposed to the internet and the potential vulnerabilities they have. Create a list of all the external facing assets your business uses that could be exposed to an attack and list them by priority of how critical they are to running your business.

For example:

  • customer-accessible websites or services,
  • staff-dependent websites or services (such as web mail or VPN systems),
  • supporting infrastructure services (such as Domain Name System),
  • network equipment that sits at the public edge of your networks (such as firewalls and gateways), or
  • any systems you host on third-party networks (such as cloud-based).

Identifying your critical assets is the first part of developing a business continuity plan, in the event of an attack the plan tells you what needs to be back up and running and in what order of priority.

Talk to your managed service provider (MSP) or IT provider

If you have an MSP or IT provider, it’s helpful to have a conversation with them about if their service includes DDoS protection and to what level.

Some providers may charge more for DDoS protection or it can be included in your package. It may even be included but you haven’t enabled it through your provider.

There are specialist anti-DDoS protection services who will be able to provide more robust protection as well as additional protection against larger more advanced attacks. Anti-DDoS services are better able to monitor network traffic, confirm an attack, identify the source, and mitigate the situation. Further benefits of using an anti-DDoS service provider include rapid incident response, expert technical advice (including 24/7 support in most cases) and shared attack analytics, helping you understand how future attacks can be stopped.

If you don’t have an MSP

If you don’t have an MSP because you look after your online services yourself, you should still consider getting DDoS protection through an outside provider.

It’s unlikely you will be able to put all the mitigations in place in-house to stop a DDoS attack. Many MSP’s offer basic DDoS protection packages that can be tailored to suit your business. 

Different types of DDoS protection

There are two main forms of protection: always-on and on-demand.

Always-on, as its name suggests, is protection in which the provider maintains continuous protection. Meaning, you should be guaranteed that if your service is hit by a DDoS attack, at any time day or night, your applications and website would be protected.

The drawback is that this service is the most expensive for you as a customer.

On-demand is the more cost-effective option. It allows you to activate protection only when you experience an attack. You call your service provider, and they switch on protection; turning it off again once the attack has been resolved.

The drawback of this approach is that protection is activated only when you notice an issue and raise it with your provider. You will also need to allow for the time it takes for the provider to implement protection. This may mean a substantial amount of time passes before the attack is blocked. There is also no guarantee that the attacker won’t come back to target you again when your guard is down.

What to expect of your service provider during an attack

Understanding what type of support your DDoS protection provider will provide you during an attack and what role you play in the response will help you better prepare for an attack.

Once abnormal activity is detected your provider should be able to diagnose what type of attack you’re experiencing. You can then work with them to get the DDoS attack mitigated and get your services running as normal.

They may block traffic from a particular country or type of device, or simply block all access until the attack has calmed down. External services will likely stay down but internal ones may keep going.

You will need to work closely and keep regular contact with your service provider during the attack and afterward to get your services back up and running.

What to do if you are experiencing a DDoS attack and don’t have protection

If you don’t have DDoS protection in place, it can be a lot harder to detect and mitigate an attack. If you think you might be experiencing a DDoS attack and don’t have protection or know how to get help, CERT NZ has advice on what steps you can take. 

What to do during a DDoS attack on your business

Watch: What is DDoS?

Video transcript

Report it

Help and advice is available from CERT NZ through our online reporting tool, or our contact centre.

Report it

0800 CERT NZ