How to spot a cyberattack before it happens

As we all know, one person alone can’t stop a hack. You need two people typing on the same keyboard and a third to kill the power.

We jest, but Hollywood’s depiction of hacking has done a disservice to those in the information security sector. While films and TV like to make a cyberattack look like some grand operation with a flashy payoff, the truth is that cyberattacks are often conducted silently to evade detection.

Attacks often happen in different stages which can take place sequentially or concurrently. These stages can include:

  • Reconnaissance – Finding and researching a target to identify soft spots;
  • Weaponisation – Tools that will be used in the attack are identified and prepared;
  • Delivery – The attack begins, usually through phishing;
  • Exploitation – Once a foothold is established, criminals weave their way through a network;
  • Installation – Additional malware and backdoors are installed or created;
  • Command and control – Criminals expand control to run the systems they have breached;
  • Actions – Main action takes place and breach is detected or becomes known.

As you can tell, a cyberattack targets all areas of a business in order to establish a foothold. Any good hacker knows that if you want to get to the top floor, you have to go through a few doors.

As such, chief technology officer at Performanta, Gerhard Swart notes that knowing the signs of a breach is a job for everybody in the company.

“Vigilance and knowledge are the most powerful ways to deter cyberattacks,” says Swart. “It’s to the benefit of the criminals if only security teams know the signs of a building attack. Fortunately, anyone can grasp the fundamentals behind a cyberattack and highlight suspicious activities.”

While each attack will look and play out differently, Swart says there are telltale signs that your business is being attacked.

Unusual network activity is one such sign. Attackers may try to access multiple files while searching for the information they want. If your business has processes in place to monitor network activity, you can monitor those logs for signs of espionage.

Similarly, using activity logs, one can monitor for log-in attempts at odd times. If suddenly there is a raft of logins at 02:00 in the morning while employees are sleeping, that’s a warning sign. These credentials can be gleaned through phishing attacks so its important that employees know how to spot a phishing email to avoid a breach.

According to Performanta, there are three things employers should do to enable employees to highlight suspicious activity before it evolves into a full-blown attack.

“Firstly, they should support and encourage security training for their staff, including regular tests, and do so supportively. Businesses should make their employees feel like part of the solution, not the problem. Secondly, businesses should encourage general vigilance – if someone notices something strange, they should speak up. Employees should be given accessible channels to notify security concerns, even frivolous ones. And thirdly, businesses should look to invest in technology services that improve detection, visibility and reporting. Security tasks can quickly overwhelm security and IT teams, while the right security services alleviate such pressure,” the cybersecurity firm explains.

With cybercriminals targeting small businesses with increasing regularity, entrepreneurs must recognise the warning signs of a breach before it evolves further. It’s not a matter of if a company will be targeted, but when.


About Author


Related News