Since the arrival of the new millennium, cybercriminals have used distributed denial of service attacks to shut down some of the world’s biggest websites. You may have heard the acronym DDoS before, but what is a DDoS attack? And how can one impact your website?

In a DDoS attack, cybercriminals use hacked networks to flood internet servers with traffic, sending more requests than the server can handle. This includes overwhelming a website with “fake” requests in an attempt to make the site unavailable. DDoS attacks are executed when multiple computers on different networks — called a “botnet” — send large amounts of requests to your website at once. In a particularly memorable instance, the Mirai botnet used a large number of hacked internet of things devices to overwhelm Dyn, a domain name system for popular sites such as Amazon, Twitter, Netflix, Etsy, and Spotify.

Even when a DDoS attack fails to crash a website, it often slows the site down enough to make it unusable — frustrating customers and causing significant revenue losses. Meanwhile, these attacks are cheap for cybercriminals, which is perhaps one reason they accounted for 35% of cyberattacks in 2017. For as little as $100 a day, certain groups will deploy DDoS attacks on unprotected servers — and that price goes up to $400 a day for protected ones.

Particularly for e-commerce sites, even one day of downtime can be far more costly.

How to Tell if a Site Is Under a DDoS Attack

Obviously, not all surges in traffic are bad, but when you suspect a DDoS attack is behind a surge, it’s important to correctly identify it as quickly as possible. Unfortunately, it can prove challenging to distinguish between a spike in legitimate user traffic and one brought on by a DDoS attack. But if slow service continues for days instead of hours immediately following a sale or marketing campaign, your site could be under attack. A significant spike in spam emails can also signal an attack.

How to Respond to DDoS

Website downtime can cost small and midsize businesses between $137 and $427 per minute, while the attacks that bring them down can be conducted for as little as $1 per minute. You won’t outlast an attack, so the first step is knowing that you need to act swiftly. Let your web hosting provider know what’s happening, as it may be able to monitor and block the traffic to protect its servers.

In addition, prepare for a surge in customer communications as people report the downtime and ask questions. Automate your responses whenever possible, as you’ll need all hands on deck to respond to the attack.

How to Protect Your Website From DDoS

Instead of simply trying to survive a DDoS attack, take steps to prevent one. Research indicates that about 66% of DDoS-targeted sites are attacked more than once. Web application firewalls are a good place to start because they’ll be able to differentiate between DDoS attacks and legitimate traffic. By relying on a WAF, you can protect your website from DDoS attacks and ensure your customers enjoy uninterrupted access to your site.

As IoT devices continue to rise in popularity, DDoS attacks will continue to gain prevalence — and the cost of conducting them will likely go down even further. Prevention is the best method of dealing with these cyberattacks, and it starts with effective tools and a reliable response plan. Want more protection? Get a quote for automatic mitigation for sophisticated DDoS attacks today.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.