Successful cyberattacks have the potential to sink even the most powerful organisations with the most sophisticated of cybersecurity strategies. While many corporate attacks receive extensive media coverage and massive public attention, one of the most deadly characteristics of a successful cyberattack is its ultimate silence. With that in mind, how do you detect a cyberattack before it wreaks havoc on your network?
Infrastructure breaches vs information breaches
When we think about cyberattacks, we often picture wide-spread hacks and leakage of critical data. But an infrastructure breach (the first step in a cyberattack) is a far cry from the potentially devastating information breaches we see reported on in the news. One is inevitable, the other is a possibility. Whether through malware or phishing, it’s almost impossible to avoid an infrastructure breach in today’s day and age.1
From there it’ll take days, or even weeks, for an adversary to traverse your networks and turn it into something that has huge consequences – an information breach.
As an analogy, imagine if you had somebody trying to sneak into the building. They’ll find a way past the door, or maybe into the garage, or they’ll deliver something. But it takes a long time for them to understand the internal layout of the building; where the treasures are kept, and to be able to actually gain access to those things; use them and get them out.
Networks are far more complex than buildings.
It’s that development time where the defenders have a chance to detect cyberattacks and stop attackers before they cause real damage or access valuable, sensitive information.
Detecting a cyberattack
Once criminals have infiltrated your network, it’s not always easy to tell if your business has experienced a cybersecurity breach. Attackers use a variety of ways to avoid detection so that they can stay in your system long enough to harvest as much data as possible.
Sometimes, it can take months – and often longer – to realise that an attack has taken place. According to the Cisco Midyear Cybersecurity Report, the industry average for detecting threats is 100-200 days.2 By that stage, attackers might have already caused significant damage to your business or customers.Realising that you’ve experienced a breach as soon as possible is crucial to protecting your network and your sensitive information. But how do you detect a cyberattack when bad actors are actively trying to avoid being found?
Signs you’ve been breached:
Below we highlight some of the main indicators that a cyberattack may have occurred. Taking note of these instances and investigating when they happen, is vital to keeping a handle on your security. Become part of the cyberattack detection process by keeping an eye out for these telling signs:
- Inconsistencies and extras in your code
- Issues with administrative logins and access
- A slower-than-normal network and spikes in network traffic
- Performance issues affecting the accessibility of your website3
- User passwords no longer working
- Missing or altered data
- Your customers receiving spam from your business account
- Numerous pop-up ads4
How to catch cyber attackers
Noticing anomalies as they happen is not always enough to keep up with cyber attackers. Defenders need to be proactive in their approach in order to nip breaches in the bud before they cause harm. Here are just five ways to keep a finger on the pulse of your network and uncover cybersecurity attacks early-on:
1. Use a honeypot
Honeypots are decoy computer systems that look like a legitimate part of a network containing valuable data.5 As soon as a honeypot has attracted the attention of the cybercriminal, a warning is triggered by the cybersecurity team and the attack can be confronted. As a basic example – a server named ‘user email’ is extremely appealing to hackers looking for valuable data. Knowing that no legitimate employees would use this, you are ‘honeypotting’ attackers by offering them an irresistible temptation.
2. Involve your employees
By keeping your team informed about cyber threats, they are much more likely to notice one and a lot less likely to fall for convincing phishing emails. Phishing attempts are growing in number. In fact, according to the Symantec 2018 Internet Security Threat Report, by the end of 2017, the average user was receiving 16 malicious emails per month.6It is therefore extremely important to your security that employees practise safe email protocol and are careful when clicking on online links from unknown sources or opening email attachments.7 Training them to report any suspicious activity to your security team means you can keep an eye on attempts and mitigate potential threats. It also means that if someone does click on a suspicious link, your cybersecurity department is aware they have done so.
3. Use threat detection software
Leading cybersecurity detection tools should be able to identify a breach within minutes, making them an invaluable asset for businesses concerned with the security of their data.8
Advanced threat detection solutions such as BluVector analyse network traffic in order to flag suspicious files, then sandbox the threat, and analyse its behaviour for malicious activity.9 By doing this, they can discover and contain malware that would otherwise go undetected, all before it infects your network.10
4. Keep an eye on website alerts
Attack traffic usually has a very specific pattern to it and hacked sites often see dramatic spikes in traffic. If you designate a team member to continuously monitor website alerts, you’ll be in a better position to identify and address a cyberattack before it causes real harm.11
5. Create an incident report
When you do get breached, analysing the cyberattack process – how the attacker infiltrated your network and moved around – means that you’re able to learn for the future.12 Cybercriminals often like to strike in the same place twice – and by the same methods. Knowing this, pre-emptive action and monitoring based on past attacks can help with quick detection of a security breach. Knowing what the cybersecurity threats are means you’re more prepared to identify them in the future.
The threat of a cyberattack on your business is real. Protecting the sensitive information within your network comes down to ensuring you’re able to identify and put a stop to cyberattacks in time. By implementing the above action points, you can be on the front foot when an attacker does make an attempt on your business, and be better equipped to address them before you become the next news story.
Ready to learn how to protect your business from the threat of cyberattacks?
Register now for the Harvard VPAL Cybersecurity online short course.
- 1 (2018). ‘Cybersecurity Breaches Survey 2018’.‘The Importance of Cyber Resilience’. Retrieved from University of Portsmouth Department for Digital, Culture, Media & Sport.
- 2 (Jun, 2016). ‘Cisco 2016 Midyear Cybersecurity Report’. Retrieved from Cisco.
- 3 (2018). ‘Cybersecurity for Business’. Retrieved from Ni Business Info.
- 4 (Jul, 2017). ‘Common Symptoms of Cyberattack To Look Out For’. Retrieved from Eduonix.
- 5 (2018). ‘What is a Honeypot’. Retrieved from Techopedia.
- 6 ‘2018 Internet Security Threat Report’. Retrieved from Symantec. Accessed, November 2018
- 7 Luke Irwin. (Mar, 2018). ‘Phishing Attacks Increased by 59% in 2017’. Retrieved from IT Governance.
- 8 Nate Lord. (Sep, 2018). ‘What is Advanced Threat Detection?’. Retrieved from Digital Guardian
- 9 (Nov, 2018). ‘Advanced Threat Detection (ADT)’. Retrieved from Techopedia.
- 10 Nate Lord. (Sep, 2018). ‘What is Advanced Threat Detection?’. Retrieved from Digital Guardian.
- 11 (Jul, 2017). ‘How To Detect Cyber Attacks Early’. Retrieved from GDPR Report.
- 12 (Apr, 2016). ‘Incident Reporting: 7 Reasons Why it’s Indispensable’. Retrieved from Plan Brothers.