Part 2: How to detect a cyber attack early

In this Article:

• Detecting a cyber attack
• Know what to look for
• What a cyber attack looks like
• Monitor your network
• Watch your bank account 
• Also in this series

In Part 1 of the Small Business Guide to Cyber Security, we learned how to prevent an attack from happening. Despite your best efforts, however, it’s possible for hackers to get into your system. In that case, it’s important to detect an attack early. Here’s what you need to know.

🕵 Detecting a cyber attack

Threat actors – those who try to enter your system for the purpose of causing harm – can get into your system and stay there, undetected, for weeks or even months. Your data can be compromised and put up for sale on the dark web before you even know about it. Early detection is critical to minimizing the damage that a cyber incident can cause.

Back to top

🔎 Know what to look for

The methods used by threat actors to gain access to your data are constantly evolving, which makes it challenging to keep up. Here are some of the most common threats you should be aware of.  

Ransomware

Ransomware is malicious software that aims to lock down critical business systems. It works by “infecting” a computer network and blocking access to important functions and data, which are then held hostage by the attacker until the business pays a ransom or takes a specific action requested by the perpetrator.  

You may discover that your computer system has been infected by ransomware because you suddenly cannot access your programs or files, or you may receive a demand to pay a ransom, often including a threat to expose your data on the dark web.

Phishing

Phishing attacks occur when deceptive emails are sent to you or your employees, encouraging them to share private or company information that may lead to a compromise where an attacker can gain access to internal systems. Phishing emails may include a link to click to update information and may appear to come from a legitimate source or a known contact.

You may realize you’ve fallen victim to a phishing attack if you click on a link and are taken to a page you don’t recognize, or if your system locks up. But sometimes you are unaware that you’ve clicked on a fraudulent link until later, when you realize that your information has been compromised.

Malware

Malware is malicious software utilized by criminals to disrupt computers and interfere with privacy and leak data. Malware “infects” your device, allowing criminals to gain access and control. Malware can be released onto your system in a number of ways: through a phishing email, by exploiting a system vulnerability, or because you share files with a customer or vendor who has been infected.

Frequent system crashes, programs or pop-ups you don’t recognize, or changes to your browser can indicate that malware has found its way into your system. In short, if there’s a change to your system you didn’t make or don’t recognize, malware may be at work.

🎯 Knowing these top threats and their tendencies is a simple step for you and your employees to detect an incoming attack. Check out these additional resources to learn more about cyber threats and how to identify them.

• CISA Cybersecurity Awareness Program Small Business Resources | CISA
• National Cybersecurity Alliance

Back to top

👨‍💻 What a cyber attack looks like

Threat actors are becoming more sophisticated all the time, so it can be challenging to detect an attack in the ever-changing threat landscape. Here are some cyber attacks we’ve seen, and what the business did when they detected the intrusion.

The IT vendor of a real estate company was the victim of a ransomware attack, and the company’s files that were hosted on the vendors servers were at risk. In this case, the insured company was notified by their vendor of the breach, and they promptly contacted us to report that information, including social security numbers of several employees, was exposed. The policyholder consulted with the expert breach counsel we provided, which recommended a course of action to notify the affected parties and offer credit monitoring. 

A threat actor encrypted the files of a medical office, demanding a ransom of 5 Bitcoin to decrypt the data. The medical office contacted Hiscox immediately to notify us of the ransom demand. We arranged for breach counsel, who engaged a forensics firm to investigate, and to engage with the threat actor. The forensics firm negotiated the ransom demand down to 1 Bitcoin (about $30,000 at the time), issued the payment, and received a decryption key to restore the data. Breach counsel notified the affected individuals and offered credit monitoring.

Back to top

👀 Monitor your network

An intrusion into your network will leave evidence, so regularly monitoring your network can alert you early to unusual activity that could indicate a breach has taken place. Take these steps to help you detect an attack as early as possible.

1. Install a monitoring tool that will check your network regularly.
2. Establish a baseline so you know what your network looks like when it’s healthy.
3. Review your logs regularly for signs of suspicious activity.
4. Set up alerts so you’re notified when your monitoring tool finds something that doesn’t look right.
5. Assess your vulnerability so you know where points of entry may be.
6. Monitor external connections – a threat has to come from somewhere so make sure you’re making it as difficult as possible for a threat actor to access your network. This is a lot for a small business owner to learn about and stay on top of. An IT consultant may be able to help by installing the required tools and monitoring your network for you.

Back to top

💰 Watch your bank account

Not all threats show up on your computer system first, so be sure to also keep a close eye on your business bank account. Cyber criminals who’ve gained access to your banking credentials will sometimes process a small transaction to verify that the account is open, before they go in for a bigger amount. If you see a small denomination transaction that doesn’t look right, report it immediately and you could save yourself a whole lot of money down the road.

Back to top

💡✍ Early detection can help you reduce the damage from a cyber attack, but there are additional steps you can take to protect your business. To learn more, read Part 3: Mitigate the Damage from an Attack.

📢 Also in this series:

• Small Business Guide to Cyber Security Part 1: How to Prevent an Attack
• Small Business Guide to Cyber Security Part 3: Mitigate the Damage of an Attack

Back to top