It's not always easy to tell if your business has experienced a cyber security breach. Attackers use a variety of ways to avoid detection, so that they can stay in your system long enough to harvest as much data as possible.
Unfortunately, many businesses that experience a breach won't immediately know about it. Sometimes, it can take months - and often longer - to realise that an attack has taken place. By that stage, attackers might have already caused significant damage to your business or customers. Learn about the impact of cyber attack on your business.
How to detect a security breach
Detecting cyber attacks is a challenge even for the experts, but certain signs could indicate that a cyber breach or intrusion is underway. The following may all be warning signs:
- suspicious network activity (eg strange file transfers or login attempts)
- sudden changes to critical infrastructure or system passwords and accounts
- suspicious files in your system, which may or may not have been encrypted
- suspicious banking activities and transactions
- inexplicable loss of access to your network, email or social media accounts
- leakage of customer details, client lists or company secrets
- unusually slow internet connections and intermittent network access
- error signs or warnings in browsers, anti-virus or anti-malware tools alerting you to infections
If you have a business website, you should monitor it for any anomalies that may suggest that an attack may be in progress. For example:
- unexplained inconsistencies or questionable extras in your code
- problems with administrative logins or accessing management functions
- unexplained changes in traffic volume (eg sudden and drastic drop)
- unexplained changes in the design, layout or content of your site
- performance issues affecting the availability and accessibility of your website
See how to detect spam, malware and virus attacks.
Criminals are constantly searching for new vulnerabilities in evolving digital environments. It's worth staying informed about current and emerging threats. As well as keeping your systems, servers and applications up to date, you could also consider deploying breach detection tools, which may be more effective in rapid or early detection of threats.
Breach detection systems
Breach detection tools (also known as intrusion detection tools) can help identify threats inside your network. They are either software or hardware products capable of recognising active threats and alerting relevant security staff that they need to take action. For example, you can set up these tools to monitor the network and send an alert if they detect:
- suspicious user behaviour
- vulnerability in the network
- threats in applications and programs
These tools focus on identifying intrusions after they happen, containing and controlling the breach, and mitigating the damage. Many different products exist in the market, from open source tools to commercial packages. Read more about business data breach and theft.
How to contain and control a cyber breach
Security and data incidents are becoming a daily norm for many businesses. No single product or method will give you a 100 per cent guarantee that your business' cyber defences will hold.
Before you detect an intrusion, you should consider and decide in advance how you will manage your response. It may help to develop a comprehensive cyber security incident response plan to help you contain and recover from any potential breach.
After you detect an intrusion or realise that a crime has been committed, you should report it to the relevant authorities. See how to report a cyber crime.
Follow other best practices for cyber security risk management in your business.