Since Sept 2016, when krebsonsecurity.com was hit w/ something close to a world record DDoS from Mirai, my site has been behind Google Shield, a free program that Google offers to journalists, news outlets and human rights groups that might otherwise be DDoSsed into silence in one form or another. On the one hand, I don't have as much visibility into who's attacking me or when, because I mostly never notice any disruption. But when I do hear from the Shield team about an attack, it's usually something interesting (e.g. https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/)

Anyway, Google said today it is expanding the Shield offering to include "organizations representing marginalized groups and non-profit organizations supporting the arts and sciences."

https://cloud.google.com/blog/products/identity-security/project-shield-expands-free-ddos-protection

I gave Google this feedback long ago, but I'll add it here b/c it should be the default if you're on Shield and also using other Google services (Gmail, etc): If you or your organization is eligible for this free protection, it probably also means you are a giant target. IMHO, turning on Advanced Protection for Google Accounts should be automatic for Shield users.