What is a DDoS attack?
A DDoS attack floods a website, service, or network with traffic so legitimate users cannot access it.
Simple example
An online booking site becomes unreachable because many systems are sending traffic to it at the same time.
Why it matters
DDoS attacks can interrupt operations and may be used as a distraction during other activity.
Common warning signs
- The activity is unexpected or unusual for the business context.
- The request or system behaviour creates pressure to act quickly.
- Normal approval, verification, or security processes are bypassed.
- There are signs of unauthorised access, data exposure, or system change.
- Staff are unsure whether the request, message, or system behaviour is legitimate.
Cyber Doc view
This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.
What to do
Proactive steps
- Use hosting or CDN providers with DDoS protection.
- Monitor traffic patterns.
- Prepare an escalation path with your provider.
- Avoid exposing unnecessary services.
- Have a communication plan for outages.
Reactive steps
- Contact the hosting or network provider quickly.
- Enable available DDoS protection or rate limiting.
- Preserve traffic logs where possible.
- Communicate service disruption clearly.
- Review whether any other suspicious activity happened during the outage.
Related terms
- Availability
- Security monitoring
- Incident response