If that is a concern, then they do need to work with their internet service provider, and perhaps with a cloud-specialty anti-DDoS provider, because those organizations have infrastructures and massive amounts of internet bandwidth which can actually absorb gigantic attacks, filter out the majority of malicious traffic, and then send the good stuff through to the end user.