Have I been Breached? 4 Signs to know when your Business is under Attack
There is one major difference between how cyber security experts and everyone else think about cyber security: our expectations. While most people don't assume there is an issue until one is presented to them, security experts take a much more investigative approach: they assume there IS an issue until proven otherwise. This line of thinking keeps experts diligent and alert to suspicious behavior.
If you're unsure whether you've been breached, or are questioning your overall security posture, this post is for you. Below are four great, investigative ways you can spot signs of attack with minimal technical knowledge.
Slow Systems or Internet Connection
Slow computers and internet connections are not a rarity. However, from the perspective of a security expert, they are a possible sign of a breach that requires further investigation. When a hacker enters your systems, they perform a lot of activity in the background. Whether it is sending spam or monitoring activity, this excess activity will slow your system or connection. If you suspect a breach is behind your slow computer or connection, you're going to want to check network activity, bringing us to our next point.
Unusual and Suspicious Connections
As stated above, when hackers or malware breach your system, they generate a large amount of activity. Outbound traffic patterns can prove very useful when investigating possible attacks, so check the activity on your company network firewall. You should only see SMTP traffic from your mail servers, DNS traffic from your DNS servers and mostly just TCP 80 and 443 from your users' workstations. (Casper Manes) If you see a workstation making direct SMTP and DNS connections to an internet address, it is likely that a hacker or malware is using the workstation to send spam widely. Check your ports as well: high port activity could be a line-of-business application, but could also be a hacking attempt. Keeping an eye on activity and having a skeptical, investigative perspective could be key to stopping a breach before it's gone too far.
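The outbound-traffic rule above can be checked mechanically against a firewall export. The following is an added example, not part of the original post; the internal range, the server addresses and the four-field "src dst proto dport" log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the original post): internal range, server addresses,
# and a simplified "src dst proto dport" format exported from the firewall.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVERS = {"10.0.0.25"}
DNS_SERVERS = {"10.0.0.53"}
WEB_PORTS = {80, 443}

# Constructed sample of outbound firewall entries.
SAMPLE_LOG = """\
10.0.0.25 203.0.113.10 tcp 25
10.0.0.53 198.51.100.53 udp 53
10.0.1.20 203.0.113.80 tcp 443
10.0.1.21 203.0.113.99 tcp 25
10.0.1.21 203.0.113.98 tcp 25
10.0.1.22 198.51.100.7 udp 53
10.0.1.23 203.0.113.44 tcp 49152
10.0.1.20 10.0.0.53 udp 53
"""

def classify(src, dst, proto, dport):
    """Return a finding label for one outbound flow, or None if expected."""
    if ipaddress.ip_address(dst) in INTERNAL:
        return None  # internal traffic, e.g. workstation -> internal DNS
    if dport == 25:
        return None if src in MAIL_SERVERS else "direct-smtp"
    if dport == 53:
        return None if src in DNS_SERVERS else "direct-dns"
    if proto == "tcp" and dport in WEB_PORTS:
        return None
    return "high-port-review" if dport >= 1024 else "unexpected-port"

def audit(log_text):
    """Count findings per (source host, label) over the whole log."""
    findings = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip lines that do not have the four expected fields
        src, dst, proto, dport = parts[0], parts[1], parts[2], int(parts[3])
        label = classify(src, dst, proto, dport)
        if label:
            findings[(src, label)] += 1
    return findings

if __name__ == "__main__":
    for (src, label), n in sorted(audit(SAMPLE_LOG).items()):
        print(f"{src:12} {label:18} {n} flow(s)")
```

A "high-port-review" finding is a prompt to identify the application behind it, since it may be a legitimate line-of-business tool.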
There are other types of unusual activity to look out for, outside of your network activity, that can offer useful insight into whether you are being hacked. One sign is access logs that show logins at unusual times or from unusual locations. This can often mean that an unauthorized user is accessing accounts or systems, which can be especially devastating if an administrator account is compromised. Another tell-tale sign is negative changes to critical system files, so check those files. It's important that your company distinguish between positive, neutral and negative changes, in real time, to be able to properly track suspicious activity on critical system files.
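A review of access logs for unusual times and locations can be scripted in the same way. This is an added example, not part of the original post; the business hours, the known source networks (used here as a stand-in for location), the administrator account names and the "timestamp user source_ip" format are assumptions, and the log lines are constructed.

```python
import ipaddress
from datetime import datetime

# Assumptions (not from the original post): business hours, known networks,
# admin account names, and a "timestamp user source_ip" log format.
BUSINESS_HOURS = range(7, 19)          # 07:00-18:59 local time
KNOWN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
ADMINS = {"admin", "root"}

# Constructed sample of successful logins.
SAMPLE_LOGINS = """\
2024-03-04T09:12:00 alice 10.0.1.20
2024-03-04T23:47:00 bob 10.0.1.21
2024-03-05T10:05:00 carol 198.51.100.77
2024-03-09T03:30:00 admin 203.0.113.5
"""

def review_login(line):
    """Return (user, reasons, severity) for a suspicious login, else None."""
    stamp, user, ip = line.split()
    when = datetime.fromisoformat(stamp)
    reasons = []
    # Weekends (weekday 5 and 6) and hours outside the window count as unusual.
    if when.weekday() >= 5 or when.hour not in BUSINESS_HOURS:
        reasons.append("unusual-time")
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in KNOWN_NETS):
        reasons.append("unusual-location")
    if not reasons:
        return None
    # An anomalous administrator login is the more damaging case.
    severity = "high" if user in ADMINS else "medium"
    return (user, reasons, severity)

def review_log(text):
    """Review every non-empty line and keep only the suspicious logins."""
    results = (review_login(l) for l in text.splitlines() if l.strip())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for user, reasons, severity in review_log(SAMPLE_LOGINS):
        print(f"{severity:6} {user:6} {', '.join(reasons)}")
```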
Mind of its Own
These are the obvious signs of hacking or malware:
- Excessive pop-ups in browser or in background
- Pop-ups occur, even when you are not actively using your browser
- Programs automatically run when a device is started, which have not been set to do so
- You have a hard time shutting down or restarting a device
- Your antivirus software was disabled
- Other actions which seem autonomous
These are some of the easiest and most apparent ways to confirm whether you have been breached. Some of these checks should be made routine so that your company performs them on a regular basis. Most of all, remember to keep an investigative mind: it's always best to assume you have been or will be breached, rather than assume you haven't until the alarm bells sound.
The Optimal Training Solution
CyberTraining 365's Data Security and Privacy Training is a comprehensive training solution aimed at teaching employees how to identify, mitigate and report cyber threats. It creates awareness of information security risks for all roles across a company: Finance, HR, Legal, IT, Marketing, etc. This training is available on https://datasecurity365.com.
The training is subscription based, which is great for optimizing your budget with rotating seats, and has white-labeling availability. This way, you can keep your academy consistent with your internal branding.
On top of this, you can create a wider library for your business with advanced cyber security training courses for your IT team, data security and privacy training for your non-technical employees and the most current, up-to-date methodologies for your cyber security team to keep up with the industry.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)² and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The On Demand LMS platform has white-label capabilities ideal for internal training purposes.