Part 2: How to detect a cyber attack early
In this Article:
- Detecting a cyber attack
- Know what to look for
- What a cyber attack looks like
- Monitor your network
- Watch your bank account
- Also in this series
In Part 1 of the Small Business Guide to Cyber Security, we learned how to prevent an attack from happening. Despite your best efforts, however, it’s possible for hackers to get into your system. In that case, it’s important to detect an attack early. Here’s what you need to know.
🕵 Detecting a cyber attack
Threat actors – those who try to enter your system for the purpose of causing harm – can get into your system and stay there, undetected, for weeks or even months. Your data can be compromised and put up for sale on the dark web before you even know about it. Early detection is critical to minimizing the damage that a cyber incident can cause.
🔎 Know what to look for
The methods used by threat actors to gain access to your data are constantly evolving, which makes it challenging to keep up. Here are some of the most common threats you should be aware of.
Ransomware
Ransomware is malicious software that aims to lock down critical business systems. It works by “infecting” a computer network and blocking access to important functions and data, which are then held hostage by the attacker until the business pays a ransom or takes a specific action requested by the perpetrator.
You may discover that your computer system has been infected by ransomware because you suddenly cannot access your programs or files, or you may receive a demand to pay a ransom, often including a threat to expose your data on the dark web.
Phishing
Phishing attacks occur when deceptive emails are sent to you or your employees, encouraging them to share private or company information that may lead to a compromise where an attacker can gain access to internal systems. Phishing emails may include a link to click to update information and may appear to come from a legitimate source or a known contact.
You may realize you’ve fallen victim to a phishing attack if you click on a link and are taken to a page you don’t recognize, or if your system locks up. But sometimes you are unaware that you’ve clicked on a fraudulent link until later, when you realize that your information has been compromised.
Malware
Malware is malicious software utilized by criminals to disrupt computers and interfere with privacy and leak data. Malware “infects” your device, allowing criminals to gain access and control. Malware can be released onto your system in a number of ways: through a phishing email, by exploiting a system vulnerability, or because you share files with a customer or vendor who has been infected.
Frequent system crashes, programs or pop-ups you don’t recognize, or changes to your browser can indicate that malware has found its way into your system. In short, if there’s a change to your system you didn’t make or don’t recognize, malware may be at work.
🎯 Knowing these top threats and their tendencies is a simple step for you and your employees to detect an incoming attack. Check out these additional resources to learn more about cyber threats and how to identify them.
👨💻 What a cyber attack looks like
Threat actors are becoming more sophisticated all the time, so it can be challenging to detect an attack in the ever-changing threat landscape. Here are some cyber attacks we’ve seen, and what the business did when they detected the intrusion.
The IT vendor of a real estate company was the victim of a ransomware attack, and the company’s files that were hosted on the vendors servers were at risk. In this case, the insured company was notified by their vendor of the breach, and they promptly contacted us to report that information, including social security numbers of several employees, was exposed. The policyholder consulted with the expert breach counsel we provided, which recommended a course of action to notify the affected parties and offer credit monitoring.
A threat actor encrypted the files of a medical office, demanding a ransom of 5 Bitcoin to decrypt the data. The medical office contacted Hiscox immediately to notify us of the ransom demand. We arranged for breach counsel, who engaged a forensics firm to investigate, and to engage with the threat actor. The forensics firm negotiated the ransom demand down to 1 Bitcoin (about $30,000 at the time), issued the payment, and received a decryption key to restore the data. Breach counsel notified the affected individuals and offered credit monitoring.
👀 Monitor your network
An intrusion into your network will leave evidence, so regularly monitoring your network can alert you early to unusual activity that could indicate a breach has taken place. Take these steps to help you detect an attack as early as possible.
- Install a monitoring tool that will check your network regularly.
- Establish a baseline so you know what your network looks like when it’s healthy.
- Review your logs regularly for signs of suspicious activity.
- Set up alerts so you’re notified when your monitoring tool finds something that doesn’t look right.
- Assess your vulnerability so you know where points of entry may be.
- Monitor external connections – a threat has to come from somewhere so make sure you’re making it as difficult as possible for a threat actor to access your network. This is a lot for a small business owner to learn about and stay on top of. An IT consultant may be able to help by installing the required tools and monitoring your network for you.
💰 Watch your bank account
Not all threats show up on your computer system first, so be sure to also keep a close eye on your business bank account. Cyber criminals who’ve gained access to your banking credentials will sometimes process a small transaction to verify that the account is open, before they go in for a bigger amount. If you see a small denomination transaction that doesn’t look right, report it immediately and you could save yourself a whole lot of money down the road.
💡✍ Early detection can help you reduce the damage from a cyber attack, but there are additional steps you can take to protect your business. To learn more, read Part 3: Mitigate the Damage from an Attack.
📢 Also in this series:
Related Articles
How to mitigate the damage of a cyber attack
This part of our Cyber Security series covers how to minimize the damage and recover fast from a cyber attack. Learn the critical steps to protect your business and bounce back stronger!
Mitigate and move forward
This part of our Cyber Security series covers how to minimize the damage and recover fast from a cyber attack. Learn the critical steps to protect your business and bounce back stronger!
How to prevent a cyber attack
Our cyber security series helps business owners to prevent, detect, and mitigate cyber attacks. In this guide, learn practical tips to prevent a cyber attack. Dig into this in-depth guide now to protect your business's most important asset - your data!
Stay one step ahead
Our cyber security series helps business owners to prevent, detect, and mitigate cyber attacks. In this guide, learn practical tips to prevent a cyber attack. Dig into this in-depth guide now to protect your business's most important asset - your data!
How the end of Daylight Saving Time can impact your business
With the end of Daylight Saving Time, business owners face new challenges like lower foot traffic and decreased productivity. Explore these practical tips to keep your business running smoothly as the days get darker.
Don't fall behind
With the end of Daylight Saving Time, business owners face new challenges like lower foot traffic and decreased productivity. Explore these practical tips to keep your business running smoothly as the days get darker.
We provide tailored insurance for the specific risks you face, so you can take the right risks to grow your business.