How to protect your company against a DDoS attack

What is a DDoS attack?

Suppose thousands of people flood into a bakery at the same time. The baker cannot help everyone. Out of necessity, he closes his bakery and makes no money that day. A DDoS attack has the same effect on, say, your online shop.

Revenue loss and reputational damage

DDoS stands for "Distributed Denial of Service". A cyber attacker sends as much data traffic as possible to your website or company network. It does so using a group of computers, a botnet. Hence 'distributed'. Your website or network cannot handle this and crashes. Consequence: no one can access your website or server, or 'denial of service'. This causes you to lose turnover and possibly damage your reputation.

Extortion

Criminals also use DDoS to extort entrepreneurs. This can cost you a lot of money. This form of cybercrime is called 'ransom DDoS'. A cybercriminal starts a small DDoS attack on your business. And then threatens a major attack unless you pay a ransom.

A DDoS attack is sometimes a malicious prank. Sometimes it is a targeted attack. Think of someone seeking revenge. Or someone taking a competitor offline. You do not need any technical knowledge to carry out such an attack. You can rent a DDoS service on a DDoS marketplace, or a 'booter', for a few tens of euros per hour.

Recognising a DDoS attack

How do you know you are suffering from a DDoS attack? A key clue is that you are offline for no apparent reason. Another indication is that your systems are working slower. Or even failing completely. This happened to a number of schools and hospitals in January 2025 (in Dutch). Hackers flooded these organisations with excessive data traffic in DDos attacks. 

Against the law

Carrying out a DDoS attack is easy and has unpleasant consequences for the targeted business. Such an attack is always punishable by law. The perpetrators face a prison sentence of up to 5 years. That is, if they are caught. It is often difficult to catch perpetrators. Still, international detection teams regularly dismantle 'booters' (in Dutch). 

The number of DDoS attacks in the Netherlands is rising considerably (in Dutch), according to the National Internet Providers Management Organisation (NBIP). In the third quarter of 2024, there were 688 attacks. In the second quarter, there were 419. And that is just the number of DDoS attacks the NBIP sees in their Nationale Wasstraat (National Scrubbing Centre, NaWas, in Dutch). The NaWas service combats DDoS attacks by separating harmful and safe internet traffic. 

Protect yourself: 5 tips

These tips will help you protect your business as best you can against an attack:

1. See if you can work without a website and computers. If so, DDoS protection is not necessary.

2. Can you not work without an IT system? Then make sure you have a plan B. Who do you call in case of a DDoS attack? How do you work temporarily during an attack?

3. Choose an internet provider and web host that have anti-DDoS measures. Check whether your provider uses the NBIP's NaWas, for example.

4. Use a 'digital scrubbing’ service yourself if your provider does not already do so. Search for 'traffic scrubbing service'. These services only let secure data traffic through to your webshop, for example. The service will catch dangerous traffic such as DDoS attacks for you.

5. When in doubt, call in your IT manager or a cyber security expert to help you with the tips above.

Are you a victim of a DDoS attack despite these tips? Then report it to the Dutch police.