You've increased your awareness of cyber security risks and educated others to improve their knowledge. You have implemented policies and processes to help ensure things run smoothly. Technology deterrents are in place, the software has been updated, and backups are taken. You are as ready as you can be for cyber incidents.
No matter how prepared you are, the odds are that you will, at some point, suffer some breach. This article provides some high-level guidance on what symptoms could result from a breach. This is not a comprehensive list but provides some things to look for.
1) Overt breaches
Sometimes the cybercriminals let you know that they have been able to access your system. While this is helpful, it also shows you have been unable to ward off their attacks and have not been able to detect them accessing your systems or data. Further investigation and implementation of your incident response plan will be necessary in each case.
When a ransomware attack occurs, the criminal will encrypt the data and then display a notification that the data on the system has been encrypted. There will be a demand to pay a certain amount of money by a particular time, or the data will be destroyed or published. Without the decryption key or restoring the data from the backup, you will be unable to access your data.
One of the easiest ways to know your website has been compromised is when it has been defaced with a message from a hacker. The message could be to support some cause or a political statement. Either way, the fact that they have put a note on your website indicates they have been able to breach your website.
You may receive a message from a hacker claiming they have destroyed some of your data or programs. While a general, vague statement may be a hoax, a message with details of specific files or folders is likely to be a strong indicator that they have breached your system and can access your data.
2) Covert breaches
Unlike overt breaches, where it is obvious an infringement has taken place, covert breaches may remain undetected for a long time, maybe years. These breaches can be difficult to identify. The following are symptoms that could point to the presence of a breach. The existence of a single sign may not be a conclusive indicator of a breach, but multiple symptoms would point to something strange happening and warrant deeper investigation.
Devices are running slower
Devices can run slower for several reasons, including running out of memory, low disk space, failing hardware and a poor internet connection. Typically these tend to slow the device down over time. Degraded performance for a short time may result from malware or other malicious activities running on the device.
System programs are not running
Sometimes malicious programs will avoid detection by stopping system programs such as task manager and registry editor from running.
Changes in device settings
Settings that change without your knowledge may be an indication of problems. Most software will not make changes to settings without notification and approval.
The appearance of new or unapproved applications should always be investigated. Sometimes a device manufacturer may install new software, mainly when a significant software update occurs, but generally, the appearance of new apps or programs should be investigated.
Files are missing or changed
Missing or modified files may indicate potential problems. Before blaming a hacker, check that you have not given someone else access to the file and that nobody else using your computer has made the changes.
Websites appear different
A typical phishing attack is to create a website that looks very similar to a legitimate site. If a website looks different, it could be a phishing attack. Also, websites could change their appearance if malware sits between you and the website.
Any device or system that starts to behave unusually could be suffering from a breach. Other types of unusual activity include:
- Increased data usage
- Unexplained phone call or SMS charges
- Crashing or rebooting
- Pop-ups appearing
- New browser search page
- New browser home page
Actions to take
If you suspect your device may have been breached, immediately:
- run an antivirus/antimalware scan
- back up your data
- isolate the system - disconnect from the network
- get professional assistance