Despite the best efforts of security professionals and next generation security tools, hackers have the time and resources to keep one step ahead, so it’s not a case of ‘if’ but ‘when’ a cyber security attack will arise.
This blog post will assist you in identifying typical warning signs that your company has been the victim of a security breach and will outline the steps you should take to remediate.
Not all attacks are announced and come with ransom notes. You may not even be aware of a breach, so it’s critical that everyone within a business and its ecosystem are aware of the warning signs they might have been hacked.
Have you been hacked?
14 typical warning signs that could mean you have been hacked:
- Login issues.
- Unwelcome installations and unknown programs that start up when you start your computer.
- Random and/or frequent pop-up windows, especially ones that want you to visit unusual sites, or download antivirus or other software.
- Notifications from ‘spoof’ software that you don’t remember installing, encouraging you to change your personal settings or enter personal information.
- Mass emails are being sent from a company email account.
- Frequent crashes or unusually slow computer performance.
- New browser add-ons or new homepage locations.
- Unexpected changes to files, especially those saved in the cloud.
- Programs automatically connecting to the Internet.
- Internet searches are being redirected.
- Weird online activity, such as your cursor moving.
- Changes to your security settings that you didn’t make.
- Confidential and sensitive data has been leaked.
- Unusual financial activity, such as your online account is missing money.
Steps to take if you have been hacked
A quick and efficient response to a cyber attack is invaluable. Reducing the time-to-detection, time-to-contain and remediate, not only saves an untold amount of time, money and staff hours but also minimises any potential damage to both brand and share price.
If you think that you have been hacked, you may rush to back up and restore systems, however be mindful that this may still leave an open door for the attackers.
The first step should always be to investigate and contain the breach. Recognising there has been an attack and identifying the cause is vital to minimising damage and nullifying the threat. Attacks are becoming ever more sophisticated and it’s now common practice for one attack to act as a smokescreen for another. Attackers tend to try and stay hidden once they get in to explore vulnerabilities and exploit any further opportunities that they can find.
If you don’t use a Managed Security Service Provider (MSSP) to provide a Managed Cyber Incident Response Service (CIR), then we would recommend that you engage with a cyber security professional who can undertake emergency response services as well as providing a comprehensive security assessment that:
- Can Identify the breach including any data loss.
- Determines attack vectors and identifies the attacker.
- Confirms that there are no other undetected breaches.
- Provides guidance to management, including external communications.
- Advises how you can recover from the event.
- Recommends actions aimed at preventing other events and minimises the impact of any future events.
- Calculates the financial impact, which can be used for regulatory reports and insurance requirements.
Defense starts with protection
A breach can sometimes help you to be better prepared for future attacks. Whether you choose to invest in a well prepared CIRP or simply focus on your overall security tools and measures, with security attacks becoming more frequent and complex, you cannot afford to cut corners.
Now might just be the right time for you to re-evaluate your cyber security arrangements. Please get in touch with the Infosec Partners team for an informal chat about your cyber security needs.