Why Hackers Take Down Sites (and How to Protect Yourself)

By Kerry Gorgone, {grow} Contributing Columnist

Why do the Bad Guys try to take down our websites?

In my (admittedly limited) experience with hacking, the main result of a denial of service attack seems to be annoyance on a wide scale. Blameless users simply trying to accomplish a routine task (such as ordering a product or reading a blog) are unable to proceed due to a denial of service attack (often referred to as a “DoS” or “DDoS” attack).

In my naiveté, I often assumed—without really giving it much thought—that denial of service attacks were undertaken by bored geeks who had tired of online gaming and moved on to hacking. I imagined a sort of high-tech “pissing contest,” in which each hacker sought to establish his or her superiority. I never imagined there could be a more sinister motivation, nor did I consider the devastating consequences that bringing down a website could have on a business owner.

According to a study from Neustar, it takes an average of 10 hours before a company can even begin to resolve a DDoS attack. When a service outage costs an average of $100,000 per hour, the cost of that downtime adds up quickly, and can decimate smaller businesses that rely on their website. (Neustar has created a 2014 infographic with some startling statistics on denial of service attacks.)

As it turns out, I was half right. Kevin Mitnick’s book Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker reveals a shockingly nonchalant approach to hacking. “It was thrilling every time we compromised another SCCS [Switching Control Center System]—like getting into higher and higher levels of a video game,” as Mitnick describes the rush. “The judge [during the criminal trial] didn’t seem to understand why I would do such things without profiting from my actions. The idea that I was doing it for fun didn’t seem to make sense.”

I’m with the judge on this one. “Just for fun” isn’t a sufficient explanation when mitigating the impact of a denial of service attack can cost a company $1,000,000 even before their efforts start to work.

The business behind hacking

But not every hacker is in it for the fun. Some do have a monetary motivation, even if their path to profit isn’t clear to those of us unschooled in the art of hacking.

Some hackers extort legitimate businesspeople, threatening a denial of service attack if money is not forthcoming.

Others use the denial of service attack as a “smokescreen” while they insert malware or a virus into the code of the target site. One attack created a diversion while the hackers obtained bank customers’ credentials and stole $9,000,000 from ATMs in a period of 48 hours.

Denial of service attacks can also be used to thwart competition. Companies might pay hackers to execute a denial of service attack on a competitor’s website. In some cases, hackers will execute a denial of service attack on a website because they disagree with something the site owner has said (on the site or on another channel).

Fighting back

Given the massive cost of mitigating such an attack, the idea that someone might do this can have a chilling effect on speech and the free expression of ideas, which ultimately harms society as a whole. There are some ways to protect your site against a denial of service attack. Ironically, the most common measures taken—firewalls and intrusion prevention systems—are not designed to stave off this type of attack.

  • Keep an eye on your analytics. Knowing your baseline for traffic will help you to identify when a denial of service attack is underway, so you can get a jump start on mitigating its effects.
  • Contact your ISP and ask what services they offer to help mitigate denial of service attacks.
  • Create a “whitelist” of IPs that get priority access during an attack. Include your biggest clients or customers.
  • Implement “purpose-built DDoS protection” (cloud, hybrid and hardware), rather than relying on measures not specifically designed to prevent denial of service attacks.
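
As an added illustration of the first and third tips above (not part of the original article), this Python example counts requests per minute from web server access-log lines, flags minutes far above the baseline, and counts how many requests in a flagged minute come from "whitelisted" networks. The log lines, IP ranges, function names and the spike factor of 5 are constructed assumptions.

```python
import re
import statistics
from collections import Counter
from ipaddress import ip_address, ip_network

# Common Log Format: client IP first, timestamp as [dd/Mon/yyyy:HH:MM:SS zone]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def sample_log():
    """Constructed sample data: 10 quiet minutes, then 2 flood minutes."""
    lines = []
    for minute in range(12):
        n = 20 + minute % 3 if minute < 10 else 400
        for i in range(n):
            ip = "198.51.100.7" if i % 10 == 0 else f"203.0.113.{i % 250 + 1}"
            lines.append(f'{ip} - - [10/Mar/2014:12:{minute:02d}:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    return lines

def per_minute(lines):
    """Return ({minute: request count}, {minute: [client IPs]}) in log order."""
    counts, clients = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-incident
        ip, minute = m.groups()
        counts[minute] += 1
        clients.setdefault(minute, []).append(ip)
    return counts, clients

def flag_spikes(counts, baseline_minutes, factor=5.0):
    """Flag minutes above median + factor * MAD of the known-quiet baseline."""
    base = [counts[m] for m in baseline_minutes]
    median = statistics.median(base)
    mad = statistics.median([abs(c - median) for c in base]) or 1.0
    threshold = median + factor * mad
    return [m for m, c in counts.items() if c > threshold], threshold

def allowlisted_requests(ips, allowlist):
    """Count requests whose client IP falls inside a priority network."""
    nets = [ip_network(n) for n in allowlist]
    return sum(any(ip_address(ip) in n for n in nets) for ip in ips)

if __name__ == "__main__":
    counts, clients = per_minute(sample_log())
    spikes, threshold = flag_spikes(counts, list(counts)[:10])
    for minute in spikes:
        vip = allowlisted_requests(clients[minute], ["198.51.100.0/24"])
        print(f"{minute}: {counts[minute]} requests (threshold {threshold}), {vip} allowlisted")
```

The median and median absolute deviation are used so that one unusual minute inside the baseline window does not inflate the threshold.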

There is more you can do, depending on your staff and budget, to protect yourself. Whatever you do, take action now, especially if you’ve already been the victim of a denial of service attack: 87% of companies attacked were hit multiple times. And remember Neustar’s pithy observation: “Hope is not a strategy.”

Kerry O’Shea Gorgone is a writer, lawyer, speaker and educator. She’s also Instructional Design Manager, Enterprise Training, at MarketingProfs. Kerry hosts the weekly Marketing Smarts podcast. Find Kerry on Google+ and Twitter.

Illustration courtesy Flickr CC and Mikael Altmark

Book link is an affiliate link