Breach detection: how to know if your business has been compromised
on 22 Nov, 2018
When many people think of cyber attacks and data breaches, they often imagine scary pop-ups demanding a ransom or making threats. These are the kinds of hacks commonly portrayed in movies and other media because they are the most attention-grabbing.
Most people will be surprised to learn, however, that the most damaging attacks are often the ones that go undetected, operating silently in the background.
The majority of cyber-crimes targeting businesses actually rely on their ability to stay hidden. If a hack announces itself it may sometimes panic a user into the kind of action it wants, but there are typically far greater benefits in hiding in the background undetected. Here a cyber-criminal could be conducting reconnaissance, intercepting communications and data, or hijacking system resources.
According to a report from the Ponemon Institute, the average time it takes a business to become aware of a breach (its ‘dwell time’) is 191 days. With this statistic in mind, it could well be the case that your business has been compromised without you even knowing it.
Here we take a look at the weaknesses in certain forms of cyber security as well as examining how you can tell if your organisation has suffered a breach.
Why traditional defences aren’t enough
Some business owners believe that they do not need to be concerned about the possibility of cyber-crime either because they don’t believe they will be targeted or already have strong defences in place. An expensive subscription to firewall and anti-virus software as well as an in-house IT specialist should be enough to defend against hackers, right?
Sadly, there is no silver bullet to prevent 100% of cyber-attacks. With cybercriminals continually evolving their tactics and techniques, breaches have become an operational reality for every business.
Traditional perimeter security solutions are still important tools to defend businesses against cyber threats, but there are many threats that they simply cannot defend against. And while owners may place their trust in IT specialists who have an overall understanding of the business’s infrastructure, many IT staff are overstretched and have competing priorities, which means they have less time to regularly assess, monitor and respond to cyber security risks.
The need for visibility
Having the capability to identify threats inside the network perimeter is now an increasingly important aspect of cyber security. To do this effectively, organisations require the ability to capture and analyse a wide range of data and intelligence in order to identify signs of malicious activity.
Security information and event management (SIEM) is a common way to achieve the level of insight needed to detect threats before they cause damage and disruption. SIEM technology works by gathering data and information from across on-premise and cloud networks, correlating that data, and then using it to understand threat behaviour.
Additional technologies, such as user and entity behaviour analytics (UEBA) and endpoint detection and response (EDR), can be used alongside SIEM to further improve visibility of risks such as insider threats and attacks targeting endpoint devices.
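As an added illustration of the correlation step described above (example code, not from the original article), the Python script below joins constructed on-premises and cloud logon events for the same user and flags a pattern that neither source shows on its own; the log line format, hostnames, addresses and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), already normalised into one line format:
# an on-premises domain controller and a cloud identity provider both report logons.
ONPREM_LOG = """\
2018-11-22T09:00:05Z onprem-dc01 auth user=alice result=FAIL src=10.0.0.45
2018-11-22T09:00:11Z onprem-dc01 auth user=alice result=FAIL src=10.0.0.45
2018-11-22T09:00:19Z onprem-dc01 auth user=alice result=FAIL src=10.0.0.45
2018-11-22T09:01:02Z onprem-dc01 auth user=bob result=OK src=10.0.0.12
"""
CLOUD_LOG = """\
2018-11-22T09:03:40Z cloud-idp auth user=alice result=OK src=203.0.113.9
2018-11-22T09:10:00Z cloud-idp auth user=bob result=OK src=198.51.100.7
"""
LINE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
                  r"result=(?P<result>\S+) src=(?P<src>\S+)$")

def parse(text, source):
    """Turn one source's log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append({"ts": ts, "source": source, "user": m["user"],
                           "result": m["result"], "src": m["src"]})
    return events

def correlate(events, fail_threshold=3, window=timedelta(minutes=10)):
    """Flag a user whose successful logon on one source follows at least fail_threshold
    failed logons on a *different* source within `window`; only the joined view sees it."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        for i, ok in enumerate(evs):
            if ok["result"] != "OK":
                continue
            fails = [f for f in evs[:i] if f["result"] == "FAIL"
                     and f["source"] != ok["source"]
                     and ok["ts"] - f["ts"] <= window]
            if len(fails) >= fail_threshold:
                alerts.append({"user": user, "failures": len(fails),
                               "fail_source": fails[0]["source"], "success_source": ok["source"],
                               "src": ok["src"], "ts": ok["ts"].isoformat()})
    return alerts
```

Run `correlate(parse(ONPREM_LOG, "onprem") + parse(CLOUD_LOG, "cloud"))` to see the single alert for alice; feeding either log alone produces nothing, which is the point of correlating across sources.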
Work with experienced professionals
Just as important as the technologies you deploy to detect threats are the highly skilled cyber security professionals needed to leverage them. Individuals with an in-depth knowledge of cyber security and the latest threats are needed to manage, monitor and configure your chosen tools so that they work as effectively as possible.
For businesses that lack specialist security expertise or the budget to employ full-time security personnel to manage cyber security 24/7, outsourcing to a provider of managed detection and response services is a highly effective option to help detect and respond to attacks before they cause damage and disruption.
Regular security assessments
To enhance threat discovery, it’s also important to conduct regular cyber security testing. Testing can help you to understand and address any weaknesses and vulnerabilities within your systems and could include everything from automated vulnerability scans and human-led penetration tests to in-depth red team operations designed to simulate a targeted attack on your business.
It is better for weaknesses to be exposed in ethically conducted assessments, rather than having to face the consequences of a successful hack which could result in lost data, reputational damage and even fines from regulatory bodies.
Mike James is a cybersecurity professional and author