In today’s threatscape, it’s not at all uncommon to hear about how companies are affected by security breaches. Every week it seems like there’s some new piece of malware threatening companies of all sizes. For SMBs, it’s particularly difficult: not only are they more frequently the target of attacks, but the damage caused by an attack is much harder for an SMB to overcome.

Still, the threats keep coming and often they’re very difficult to detect. According to Microsoft’s Advanced Threat Analytics, the median time before an attack is discovered is about 146 days. This is called the breach detection gap, or dwell time, and the length of time can vary from company to company. According to a Trustwave report, in over 81% of cases, intrusions were discovered by a third party rather than by the internal security processes of the company that was compromised.

Figure 1: Breach detection gap examples. (Source: Infocyte.com)

So, has your network been compromised? Would you know if it had? And how should you respond if you suspect there’s been a security breach?

Recognizing a Network Security Breach

Hackers and other cybercriminals have gotten pretty adept at compromising company networks. Verizon’s 2017 Data Breach Investigations Report found that two of the most commonly used tools for compromising networks are malware and stolen or weak passwords. What’s more, phishing is still a major problem. One in 14 people still don’t recognize phishing emails and still click on links or download attachments that carry a malicious payload.

Unlike ransomware, however, a data breach rarely comes with a clear signal that your system or network has been infected. Instead, criminals try to slip malicious code into your network that gathers and sends data.  That data is then sold and resold for criminal purposes such as theft, identity theft, or fraud.

Alternatively, a security breach can be a theft of a different sort. Rather than capturing and reselling your sensitive company or customer data, some hackers may be more interested in your computing resources. They attack your network with the specific intent of taking it over and using it as part of a larger group—called a zombie network or botnet—which is then used to attack larger targets.

Through all of this, many SMBs may not even realize their computers or networks have been compromised until someone else tells them. But there are some telltale signs that your network might have been compromised.  If any of the following are happening on your network, then you may be experiencing a data breach:

  • You can’t perform routine updates.
  • Your network performance decreases suddenly and dramatically.
  • You notice unusual activity on your network.
  • Your antivirus software is disabled and you can’t re-enable it.
  • Your cursor and your screen behave erratically.

If You Suspect a Security Breach

If any of the events mentioned above cause you to think your network may have been compromised, do something about it now. Don’t wait. The longer a breach goes unmitigated, the more information the criminals can steal and the more damage that can be done, so it’s imperative that you act fast to confirm if your network is compromised and to contain the damage as much as possible.

The first step you need to take is to isolate the vulnerability if you can. If you have the technical expertise, find and quarantine the malicious code. If you don’t have that expertise, find someone who does, and while you’re waiting for them to get to your office, change all your passwords. Use password creation best practices and don’t use the same password across all your applications and accounts.

You should also notify the authorities that your network has been hacked. It’s not required and law enforcement may not help you at all, but if there’s a larger, coordinated attack going on, reporting your experiences could help protect other, similar organizations.

Prepare to notify your customers, even if you don’t think their data has been compromised. Notification of the data breach won’t go over well with your customers under any circumstances, but it is better if they hear it directly from you, rather than from a source outside of your company.

SMB security breaches are on the rise because SMBs are easy targets, and even if they don’t have any data of value, they have computing resources that can be used to gain access to larger, more lucrative targets. If your network starts behaving strangely, it’s possible you’ve experienced a breach. Act quickly, and if necessary, bring in someone to help regain your network security so you can clean up the mess caused by the breach as quickly as possible.