3 Signs of a Cyber Attack and the First 3 Steps to Take

Cyber attacks can hit companies of any type and size. A study by the University of Maryland revealed that a computer is hacked every 39 seconds, for an average of 2,244 cyber attacks every single day. According to IBM’s Cost of a Data Breach Report, the average cyber attack costs the victimized company $3.86 million.

Cyber attacks can be difficult to identify and even more difficult to stop. How do you know if your company is being attacked – and what can you do to stop it?

Anatomy of a Cyber Attack

While there is no such thing as a “typical” cyber attack, most attacks start with some sort of reconnaissance, where the attacker studies potential targets to determine who to attack, where, and how. Savvy attackers weed out targets that are too well defended or offer little in return for their efforts. They also learn how best to attack targeted systems, identifying an organization’s technological and human weaknesses to help form an attack strategy.

The cyber attacker will then find a way to infiltrate the target computer or computer network. In many instances they use social engineering, essentially tricking an employee into providing necessary credentials. In other instances, the attacker exploits a flaw in the network or software to enter the system.

Once a cyber attacker has penetrated the target system, the actual attack occurs. An attacker may install malware on the host system to perform some further action, such as encrypting data or taking control of the system. He may root around for valuable data to download or he may simply seek to destroy data or system files, rendering the host system unusable.

Since most cyber attackers do not want to be discovered until they’ve accomplished their goals, they go to great lengths to cover their digital tracks and remain anonymous. The most effective attacks are so sanitized that they’re not even discovered for months afterward.

3 Signs Your Company is Experiencing a Cyber Attack

Sometimes, a cyber attack is blatantly obvious, as when ransomware shuts down access to a group of computers or a DDoS attack drives a website offline. Other cyber attacks are less noticeable, especially those that install remote control software or steal confidential data. According to the IBM report, it takes an average of 200 days to identify the typical data breach – and another 73 days to stop the attack.

How, then, can you recognize when your company is being attacked? Here are three key signs.

1. Slowed Network Traffic

In many attacks, the most obvious sign is slower-than-usual network traffic. Since the cyber attack itself uses network resources, this will typically cause the entire network to slow down to some degree. Network administrators should be on the lookout for unexpected changes in network traffic and be prepared to investigate for other signs of attack.

2. Unusual Password Activity

Many breaches involve the attacker taking unauthorized control of users’ accounts to access the system. This manifests itself in users being locked out of their accounts and having to reset their passwords. If network administrators experience a large number of password reset requests, the system may have been breached.

3. A Large Number of Outgoing Emails

Cyber attackers will often use a breached system to send out a large number of phishing or spam emails, using the attacked company’s email domain and even specific email addresses. If the network or email administrators notice an unusual amount of outgoing email messages, it’s time to investigate further.
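The second and third signs can be checked automatically by comparing each hour's event count against the system's own recent baseline. The Python below is an added example, not part of the original article: the log line format, the event names password_reset and mail_sent, and the tuning values k and min_floor are assumptions, and the sample data is constructed.

```python
"""Flag hours where password resets or outgoing mail spike above baseline."""
from collections import Counter, defaultdict
from statistics import median


def build_sample_log():
    """Constructed sample: eight normal hours, then one anomalous hour."""
    per_hour = [(3, 50), (2, 45), (4, 55), (3, 48), (2, 52), (3, 47),
                (4, 51), (3, 49), (27, 900)]  # (resets, mails) per hour
    lines = []
    for hour, (resets, mails) in enumerate(per_hour, start=8):
        stamp = f"2024-01-15T{hour:02d}"
        lines += [f"{stamp} password_reset user{i}" for i in range(resets)]
        lines += [f"{stamp} mail_sent user{i % 5}" for i in range(mails)]
    return lines


def hourly_counts(lines):
    """Parse '<hour> <event> <account>' lines into event -> {hour: count}."""
    counts = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than miscount them
        hour, event, _account = parts
        counts[event][hour] += 1
    return counts


def find_spikes(counts, k=5.0, min_floor=5):
    """Return (hour, event, count) where count > median + k * MAD.

    Median and MAD are used so the spike itself barely shifts the baseline;
    k and min_floor are assumed tuning values, not recommendations.
    """
    alerts = []
    for event, per_hour in counts.items():
        values = list(per_hour.values())
        med = median(values)
        mad = median(abs(v - med) for v in values) or 1.0  # avoid zero spread
        threshold = max(med + k * mad, min_floor)
        alerts += [(hour, event, n) for hour, n in sorted(per_hour.items())
                   if n > threshold]
    return alerts


if __name__ == "__main__":
    for hour, event, n in find_spikes(hourly_counts(build_sample_log())):
        print(f"ALERT {hour}:00 {event} count={n}")
```

The same baseline-and-threshold check applies to the first sign if hourly traffic volume is fed in as another event type. Hours with no events at all do not appear in the counts, so a sudden drop to zero needs a separate check.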

3 Steps to Take if Your Company is Being Attacked

What should you and your IT staff do when you identify a cyber attack in progress? The proper response is a three-step process.

1. Contain and Stop the Attack

When an attack is discovered, it needs to be shut down and the attacker blocked from further access. This may be as simple as barring access from the attacker’s specific domain or IP address. It may require resetting all of the network’s usernames and passwords. It can even involve disconnecting from the Internet, shutting down the entire system, and rebooting fresh – or, if the damage is extensive or the attacker has embedded himself fully into the network, rebuilding the system from a recent backup.

2. Assess the Damage

Once the attack is contained, it’s time to determine the cause of the breach and assess the resulting damage. Your staff needs to evaluate how the attack was initiated and from where, and then work to prevent future intrusions of that kind. You need to identify what data was accessed or possibly altered, including which customer and employee records may have been exposed. Any damaged or missing data needs to be restored from the most recent backup.

3. Manage the Fallout

Finally, it’s important that everyone affected be promptly and properly notified of the breach. That means not only your employees but also any customers whose data has been compromised. Law enforcement should also be notified, as should your company’s insurance carrier (if you have cyber liability insurance – which you should). If it’s a large enough breach, working with your PR staff to notify the media is also important.

The bottom line is that a cyber attack can be stressful for all involved, but it’s manageable – if you prepare in advance and take the necessary steps after.

Reduce Your Risk of Cyber Attack with Secure Communications from AWS Wickr

One way to reduce your company’s risk of cyber attack is to use a secure platform for all internal and external communications. AWS Wickr offers companies voice and video calling and conferencing, file sharing, individual and group messaging, and more, all protected by end-to-end encryption, ensuring the ultimate in secure collaboration.
