Emtec Insights

Thumbnail Image - Top 2 Warning Signs of a Cyber Security Breach According to IBM’s July 2021 Cost of a Data Breach Report, the average time it takes an organization to detect and contain a breach is now approximately 287 days. “To put this in perspective, if a breach occurring on January 1 took 287 days to identify and contain, the breach wouldn’t be contained until October 14th.”

That is a jarring statistic to say the least. When it comes to a cyber attack - the earlier the detection the better – and hopefully you uncover the breach prior to being exploited.

How can you tell if you have been compromised? 

Our cyber security experts here at Emtec reveal the top 2 warning signs that may indicate you have been breached.

Breach Warning Sign #1- Things that used to work well, don’t!

Slow Computer Systems- Are users complaining their laptops are taking way too long to connect to the corporate network? Do their systems seem to be working extra hard or processer fans running high? Is their antivirus software disabled, missing from the taskbar, or not working properly? Malware will disable antivirus and other features of your computer systems. Ensure that updates are made to corporate connected devices on a regular basis and make sure all applications running on employee devices are company approved.

Unusual amount of password resets and login issues- This could be a threat actor on your network monitoring your IT infrastructure or testing to see if anyone is watching. Infiltrators will gain access, record the date / time they ask for a password change, and then note when your IT team changes passwords again to identify how an organization is run. Ensure passwords are updated regularly and unusual activity is monitored.

Problems with your VoIP phones- VoIP phones, like any other device on your network can be infiltrated. Are your users suddenly unable to log into their accounts? Are your main lines receiving large volumes of voicemails asking you to stop calling? Threat actors intercepting calls or penetrating your VoIP systems can steal proprietary corporate data, disrupt your services, or spoof your organization in social engineering attempts. Understand your VoIP providers security policies and regularly test your VoIP network for vulnerabilities.

Backups are not extracting properly or are missing- Threat actors will delete data backups, take control of files, and hold your network hostage for ransom. Are the status and integrity of backups verified each day? Are you paying attention to unintended file changes or deletion alerts on your backup systems or are they going to an email account that isn’t active anymore?

 

Breach Warning Sign #2- Suspicious Activity

Suspicious logins- Is your team seeing logins to applications that haven’t been used in a while (e.g., the website admin panel). Is a team-member currently on vacation but they are accessing the server? Many organizations don’t understand the gravity of their DNS information being public information. Anyone can run a query against an organization to see if they have a Web Application Firewall (WAF) in place or if their website or infrastructure is secure. Do you have a process to monitor and manage logins across your network for all applications and systems? Do you have an access manager on devices and Office 365/AD auditing in place? It is critical you audit access regularly.

High volume of email or file deletions- This could be a sign of a disgruntled employee or a threat actor on your network systematically confiscating your data. What systems & methods are in place for compliance & sustainability? How are they audited? Microsoft Office and Azure offers network tools to help you monitor for these activities. Do you have alerts set up for high volume requests? Who is responsible for monitoring them?

Physical access point threats- Are you seeing a rise in access to a certain physical location at unusual times? It is important to monitor access logs for your buildings and high security areas. This is critical to reduce targeted cyber attacks such as gifting, social engineering, trust, and invoicing infiltration methods that occur every day.

 

Avoiding a breach

To reduce the risk of a breach takes a combination of the proper tools, active monitoring, cyber security expertise, as well as awareness of potential cyber security threats.

With any Cyber Security or IT challenge, there are a plethora of tools available to help organizations monitor for unusual behavior. However, they will not be effective unless they are properly monitored and utilized along with having strong organizational policies in place and enforced.

Be sure to train your employees and remind them regularly on what to look out for and how to report suspicious activity to your IT department.

If something doesn’t feel right- it probably isn’t.

This is not an exhaustive list of warning signs by any means but are the most frequently seen. The key takeaway is if your gut is telling you that something isn’t quite right – listen to your intuition.

What would you add to this “how to spot a breach” list? Leave a comment below!

 

REFERENCES

https://www.ibm.com/security/data-breach

Written by Keason Drawdy

Senior Cyber Security Solutions Consultant

Keason Drawdy is a Senior Cyber Security Solutions Consultant with over 23 years’ experience in the Information Technology and Cyber Security sectors. A former black hat hacker and black hat reverse engineer, Mr. Drawdy has an extensive cyber security background with first-hand, significant knowledge in defeating secure networks and physical vectors and deep exposure to all aspects of cloud storage, security & encryption.

In his career as both a VP of IT at SMG Media as well as various cyber security roles with the Department of Energy and Environment (DOEE), Duck Creek Technologies, Olenick and CME Group, he has managed global teams of IT professionals throughout the United States, Israel, UK, and Asia. Notable achievements include the creation of four supercomputers that were capable of mining more than 500 Million US dollars’ worth of bitcoin as well as the design of high capacity, ultra-secure systems, networks for trading & hedge funds that are used today with high-frequency algorithmic trading platforms. Mr. Drawdy emphasizes the importance of CISO best practices & compliance in all client engagements. Certifications include: Information Systems Security Professional (CISSP) and Chief Information Security Officer (CISO).

If you would like to connect with Keason: keason.drawdy@emtecinc.com

Leave a comment

Popular Posts

More Emtec Insights

GET INSIGHTS IN YOUR INBOX