According to IBM’s July 2021 Cost of a Data Breach Report, the average time it takes an organization to detect and contain a breach is now approximately 287 days. “To put this in perspective, if a breach occurring on January 1 took 287 days to identify and contain, the breach wouldn’t be contained until October 14th.”
That is a jarring statistic to say the least. When it comes to a cyber attack, the earlier the detection the better, and hopefully you uncover the breach before it is exploited.
How can you tell if you have been compromised?
Our cyber security experts here at Emtec reveal the top 2 warning signs that may indicate you have been breached.
Breach Warning Sign #1: Things that used to work well, don't!
Slow computer systems: Are users complaining that their laptops are taking far too long to connect to the corporate network? Do their systems seem to be working extra hard, or are processor fans running high? Is their antivirus software disabled, missing from the taskbar, or not working properly? Malware will disable antivirus and other features of your computer systems. Ensure that updates are applied to corporate-connected devices on a regular basis, and make sure all applications running on employee devices are company approved.
Unusual number of password resets and login issues: This could be a threat actor on your network monitoring your IT infrastructure or testing to see if anyone is watching. Infiltrators will gain access, record the date and time they ask for a password change, and then note when your IT team changes passwords again to learn how the organization is run. Ensure passwords are updated regularly and that unusual activity is monitored.
Problems with your VoIP phones: VoIP phones, like any other device on your network, can be infiltrated. Are your users suddenly unable to log into their accounts? Are your main lines receiving large volumes of voicemails asking you to stop calling? Threat actors intercepting calls or penetrating your VoIP systems can steal proprietary corporate data, disrupt your services, or spoof your organization in social engineering attempts. Understand your VoIP provider's security policies and regularly test your VoIP network for vulnerabilities.
Backups are not extracting properly or are missing: Threat actors will delete data backups, take control of files, and hold your network hostage for ransom. Are the status and integrity of backups verified each day? Are you paying attention to unintended file changes or deletion alerts on your backup systems, or are they going to an email account that isn't active anymore?
Breach Warning Sign #2: Suspicious Activity
Suspicious logins: Is your team seeing logins to applications that haven't been used in a while (e.g., the website admin panel)? Is a team member currently on vacation yet accessing the server? Many organizations don't understand the gravity of their DNS information being public. Anyone can run a query against an organization to see if it has a Web Application Firewall (WAF) in place or whether its website or infrastructure is secure. Do you have a process to monitor and manage logins across your network for all applications and systems? Do you have an access manager on devices and Office 365/AD auditing in place? It is critical that you audit access regularly.
High volume of email or file deletions: This could be a sign of a disgruntled employee or a threat actor on your network systematically confiscating your data. What systems and methods are in place for compliance and sustainability? How are they audited? Microsoft Office and Azure offer network tools to help you monitor for these activities. Do you have alerts set up for high-volume requests? Who is responsible for monitoring them?
Physical access point threats: Are you seeing a rise in access to a certain physical location at unusual times? It is important to monitor access logs for your buildings and high-security areas. This is critical for reducing the targeted cyber attacks that occur every day, such as gifting, social engineering, trust, and invoicing infiltration methods.
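The "suspicious logins" and "high volume of deletions" signs above are the kind of checks a small script over your audit logs can surface automatically. The following is an added example, not code from Emtec or from any product mentioned: it runs three of those checks over constructed CSV audit lines (a hypothetical timestamp,user,application,action format) and a hypothetical HR leave calendar, flagging a login to an application idle for months, activity by a user who is on leave, and a burst of deletions by one user.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed CSV audit lines (timestamp,user,application,action); a hypothetical
# format, not any real product's export. "bob" logs into an admin panel idle since
# June, and "carol" deletes 25 files within minutes while recorded as on leave.
LOG = ["2021-06-01T09:00:00,alice,web_admin,login",
       "2021-10-13T08:00:00,alice,crm,login",
       "2021-10-14T02:13:00,bob,web_admin,login"] + [
       f"2021-10-14T10:{m:02d}:00,carol,fileshare,delete" for m in range(25)]

# Constructed leave calendar (user -> (start, end)); in practice fed from HR.
ON_LEAVE = {"carol": (datetime(2021, 10, 11), datetime(2021, 10, 18))}

def parse(lines):
    events = []
    for line in lines:
        ts, user, app, action = line.split(",")
        events.append((datetime.fromisoformat(ts), user, app, action))
    return sorted(events)  # chronological order is required by the checks below

def stale_app_logins(events, stale_days=60):
    """Logins to an application whose previous login was more than stale_days ago."""
    last_seen, hits = {}, []
    for ts, user, app, action in events:
        if action != "login":
            continue
        if app in last_seen and ts - last_seen[app] > timedelta(days=stale_days):
            hits.append((ts, user, app))
        last_seen[app] = ts
    return hits

def activity_while_on_leave(events, on_leave=ON_LEAVE):
    """Any activity by a user inside their recorded leave window."""
    return [(ts, user, app, action) for ts, user, app, action in events
            if user in on_leave and on_leave[user][0] <= ts <= on_leave[user][1]]

def deletion_bursts(events, threshold=20, window=timedelta(minutes=30)):
    """Users who perform at least `threshold` deletes inside any sliding window."""
    recent, flagged = {}, set()
    for ts, user, app, action in events:
        if action != "delete":
            continue
        q = recent.setdefault(user, deque())  # timestamps of this user's recent deletes
        q.append(ts)
        while ts - q[0] > window:  # drop deletes that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(user)
    return sorted(flagged)
```

Tune the thresholds to your own baseline; the point is that each question in the list above becomes a concrete rule that is reviewed by a named owner rather than an alert routed to an unread mailbox.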
Avoiding a breach
Reducing the risk of a breach takes a combination of the proper tools, active monitoring, cyber security expertise, and awareness of potential cyber security threats.
With any cyber security or IT challenge, there are a plethora of tools available to help organizations monitor for unusual behavior. However, they will not be effective unless they are properly monitored and utilized, and backed by strong organizational policies that are in place and enforced.
Be sure to train your employees and remind them regularly on what to look out for and how to report suspicious activity to your IT department.
If something doesn't feel right, it probably isn't.
This is not an exhaustive list of warning signs by any means, but these are the most frequently seen. The key takeaway is that if your gut is telling you something isn't quite right, listen to your intuition.
What would you add to this “how to spot a breach” list? Leave a comment below!