One of the major threats to businesses today is a cyber breach. This can come in several forms, such as adware, malware, and ransomware. While some of these are mere nuisances, malware and ransomware can be quite costly to a business, both financially and in terms of data loss. So, how can businesses know when they are under attack?
Signs You’re Under Cyberattack
The following are seven signs of a cyberattack. Keep a lookout for these symptoms, as the presence of one or more of them could mean that your firm is experiencing a cyber breach.
1. PCs, laptops, and other computing devices begin to slow down. Applications begin to run abnormally slowly where they had not before. This can happen in word processors, spreadsheets, presentation software, and other applications.
2. Reports of spam increase via company email addresses. More and more evidence of ‘spoofed’ emails shows up in the network. These emails originate from sources outside the organization but appear to be legitimate until the address line of the email is inspected closely.
3. Computer system sounds continue after user activity has ceased. The CPU (central processing unit) continues to show activity, typically accessing data from the hard drives, causing the drive light to flicker and/or the drive to make mechanical sounds for periods of time after the user has stopped using the computing device.
4. Web browsers switch automatically to other sites. Even though you have a preferred search engine selected for your system, the search engine switches to another without prompting from the user.
5. Unusual pop-up windows appear, even when the computer is not connected to a network. This is somewhat self-explanatory, as many of us have experienced pop-up screens that cover the area we are interested in reviewing. Some can be normal, such as error boxes related to the application we are using, but others are quite annoying and can be detrimental to the system depending on their content.
6. Error messages increase and cannot be resolved. Error codes appear in pop-up boxes with coded messages that require investigation through web research with Google, Microsoft support sites, or other technical support sites. Some can be cleared, while others require a restart of the computing device.
7. Data backup processes fail, improperly save files, or generate error messages. Data backup and recovery are vital to the health of your system, so when backups begin to fail, or restores are incomplete or contain errors, the lasting effects can be financially devastating, or at the least costly, as you rebuild critical historical data regarding clients and finances.
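The address-line inspection described in sign 2 can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: the function name, reason labels, sample messages, and the organization domain `example.com` are all constructed for illustration, and it assumes the `Authentication-Results` header was stamped by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Finds an e-mail address embedded in free text and captures its domain.
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def spoof_indicators(raw_message, org_domain):
    """Return reasons why the sender line deserves a closer look."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []

    # 1. The display name shows an address from a different domain
    #    than the one the message was really sent from.
    shown = ADDR_RE.search(display)
    if shown and shown.group(1).lower() != from_domain:
        reasons.append("display-name-address-mismatch")

    # 2. Replies would go to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append("reply-to-domain-mismatch")

    # 3. The message claims our own domain but failed DMARC on receipt.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == org_domain.lower() and "dmarc=fail" in auth:
        reasons.append("org-domain-failed-dmarc")
    return reasons

# Constructed sample messages (reserved example/test domains only).
SPOOFED = ('From: "accounts@example.com" <billing@examp1e-pay.test>\n'
           "Reply-To: refunds@collector.test\n"
           "Subject: Overdue invoice\n\nPlease pay today.")
FORGED_INTERNAL = ("From: CEO <ceo@example.com>\n"
                   "Authentication-Results: mx.example.com; spf=fail "
                   "smtp.mailfrom=bulk.test; dmarc=fail header.from=example.com\n"
                   "Subject: Wire transfer\n\nUrgent.")
CLEAN = ("From: Pat <pat@example.com>\n"
         "Authentication-Results: mx.example.com; dmarc=pass "
         "header.from=example.com\n"
         "Subject: Lunch\n\nNoon?")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged", FORGED_INTERNAL), ("clean", CLEAN)]:
        print(name, spoof_indicators(raw, "example.com"))
```

A rising count of flagged messages over time is the measurable form of the "reports of spam increase" symptom.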
As technology advances, so must the measures we deploy to protect it. Businesses are ever more reliant on the internet for access to information. For every user, or access point, with connectivity to the internet, a separate, individual effort must be put in place to safeguard against intrusion. The same old anti-virus and anti-malware measures are no longer enough to guard against the sophistication of the modern-day malicious hacker. In addition to these, the appropriate measure to put in place is known as endpoint protection.
Endpoint protection monitors network traffic to identify patterns of transmissions entering AND exiting a company network. This protection looks for abnormal data patterns as well as malicious packages attached to emails and other message transfers. The more sophisticated endpoint methods include feeding suspect transmissions to a fully staffed Security Operations Center (SOC). The SOC then immediately begins to analyze and trap, or quarantine, the data packets until remediation methods are deployed or the data is deemed harmless. As it analyzes and detects anomalies in the transmissions, it “learns” the anomaly, storing it for future reference, so that detection of future threats occurs much earlier in the process.
Cost of Failure
Research has shown (Ponemon Institute, 2013) that the average cost of a malicious security breach approaches $840,000. The Target breach may near $1 billion before all lawsuits are settled and fines are assessed. Consider, too, the breach of public confidence for businesses that are forced to announce their security has been breached.
What Can Be Done
While outside intrusion does occur and can be costly in terms of lawsuits and public embarrassment, most breaches occur due to employee negligence and poor internal policies and procedures. Steps can be taken to strengthen password naming conventions, increase the frequency of required password changes, and educate employees about modern methods of intrusion from outside sources. Regular security assessments should be conducted on at least a quarterly basis to review the findings of the endpoint protection and the follow-up from the SOC.