Thursday, March 28, 2024
Subscribe to Small Business Monthly
Small Business Monthly on Facebook Small Business Monthly on Twitter Small Business Monthly on LinkedIn

SBM Articles

 Search

How Do You Know You've Been Hacked

by Scott M. Lewis

We all spend a lot of time talking about security awareness, prevention, and how we are keeping people out of our servers and workstations. However, how would you know if you did have a security breach? What would be some of the signs that would indicate that you had a breach? In most cases, what we all think is going to happen is that alarms will go off in the IT department’s office, or some warning is going to pop up on our screens. In most security breach scenarios, however, nothing happens. A skilled hacker doesn’t want you to know he is there. He or she will take precautions to keep the alarms from going off and to prevent strange behavior on your network. Yet, there will be side effects from the hacking activity. If you have a more substantial infrastructure or system, the hacker is after the computing power available on your network more than anything.

A data breach is defined as when a cybercriminal, which could be external or internal, gains access to sensitive data or server resources. The most significant threat to your data is your employees, and is something that needs to be part of your preventative measures. There are many ways this could be done, according to Trend Micro, with some of the most common methods and steps that cybercriminals go through are:

- Research: cybercriminals come in many forms, but they are all schooled in the art of research. They know where the weaknesses are, such as the people and creating human error to gain access. Publicized system or network weaknesses, which could be published vulnerabilities from the manufactures or other resources. Cybercriminals will take the time to research your company, getting to know your ownership and your employees. To be cautious, meter what information you put on the public face of your organization.

- An Attack: in today’s technological world, this can mean a lot of things including a denial of service, malware, virus, or ransomware attack. Most of these types of virus attacks do require some kind of human intervention to be successful, so end-user training is critical. Cybercriminals know the weakest point is typically the human, so phishing attacks or spear phishing is more commonplace because it is merely a matter of time before a human makes a mistake. Additionally, many of the tools skilled hackers use are automated, so it is easy to “set it and forget it” until the hacker’s system cracks the code or password.

- Network / Social Attack: this is where a cybercriminal takes advantage of the system, network weaknesses, or application weaknesses. System or network weaknesses could be a result of not having proper patching in place, old equipment, or misconfigured equipment. All applications have flaws, so it is essential to research applications to make sure you know how to set them up and configure them to be secure, especially if you are going to access them from outside of your network. The social attack is taking advantage of the human factor and exploiting the human to gain access through the use of social media or data sharing sites.

- Exfiltration: once Cybercriminals have gained access to your system or network, skilled cybercriminals can use other techniques to navigate through your network undetected. Technologies such as pivoting, exploiting shares, or mapped drives allow them to tunnel to additional resources and data shares on the system.

Signs of a Breach

Yes, there will be subtle signs, but if you are not watching for them or are not aware of the meaning of these signs, then they can be easily overlooked. A skilled hacker is hoping you will ignore these subtle signs, so this is an end-user education and training area. According to InfoWorld Magazine, some of the commonly overlooked hacking signs are:
- You have new or unwanted browser bars on your desktop.
- Internet searches are routinely redirected to someplace you were not expecting.
- You have frequent pop-ups.
- Friends get social media requests that you did not send.
- Your online password is not working, or your password needs to be reset frequently.
- You discover unexpected software installs.
- Your mouse moves between programs and makes selections.
- Your Anti-Virus, Malware, or other protections are disabled.
- You get a notice or call from someone that you don’t know or is unexpectedly telling you that you were hacked.
- Confidential data has been leaked.
- You observe strange network activity.
- Network data is routinely moved or deleted.

Security breaches are becoming more costly. According to CSO Magazine, a 2019 report stated that within the next 24 months, more than 30% of companies would be a victim of a security breach. In the same report, CSO estimates that U.S. based companies will have the highest average cost of $8.19 million per violation. The price is going to vary, but in large part, it is being driven by state and federal reporting and management regulations. Additionally, the average data breach is now about 26,000 records, which is an increase of 4% over 2018. On average, the customer turnover rate following a data breach is 3.4% depending on the vertical market and type of business.

Check out the Small Business Monthly next month for part two.

Scott Lewis is the President and CEO of Winning Technologies Group of Companies, which includes Liberty One Software. Scott has more than 36 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with hundreds of large and small businesses to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium, and small companies, and Winning Technologies’ goal is to work with companies on the selection, implementation, management, and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.
Submitted 3 years 333 days ago
Tags:
Categories: categoryTechnology
Views: 2275
Print