Today we’re going to look at 12 telltale signs that your organisation has been hacked, or is about to be targeted by cyber criminals, insider attacks or implicated in a wider data breach on a service that your organisation uses. It’s important to start a piece like this with a frank warning that not only are cyberattacks increasing, the severity of these breaches is skyrocketing and hackers are continuing to target small and medium-sized enterprises with cyber attacks.
Why? Because hackers are smart enough to know that SMEs don’t have the time, resources or the awareness to invest in information security measures. As a result, it’s forecasted that the cost of cyber crime in 2025 will exceed $10.5 trillion, which marks a huge increase from $3 trillion in 2015. Specific to the SME sector is the warning that cyber attacks and data breaches are costing organisations $7.6 billion each year.
With this in mind, let’s talk about some of the most prominent signs that your operations are either being targeted by a phishing campaign, or are displaying one of the 13 signs that your organisation has been hacked.
Unusual emails from employees or customers
Be vigilant of any email communications from staff members, particularly senior management and executives asking for the purchase of unusual items like gift cards or cryptocurrencies. Hackers are smart enough to realise who is the CEO or manager of a business, and they’ll create a fraudulent email domain using the same photo and near-identical email address.
If any of your staff report unusual requests, take a precautionary step and update passwords across the organisation to ensure a hacker hasn’t fooled any employees into clicking a malicious link buried inside an innocuous looking email from the manager.
Bizarre outbound network traffic
If your networks are suddenly displaying some unusual outbound network traffic, this is a clear signal that someone outside your organisation could have made their way into your IT system. If there is no logical reason for a spike in outbound network activity in your organisation, there is the potential that outside threat actors are making moves inside your network. Destinations to watch out for here are typically based in China, Russia, North Korea and Eastern bloc countries.
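To decide whether a spike has "no logical reason", you first need a baseline per host. The following is an added example, not part of the original article: it compares today's outbound volume with a median-based baseline, using constructed figures and hypothetical host names.

```python
from statistics import median

# Constructed daily outbound totals in MB per host for the previous seven days.
HISTORY = {
    "fileserver": [820, 790, 845, 810, 805, 830, 815],
    "hr-laptop": [40, 55, 38, 61, 47, 52, 44],
    "build-box": [300, 2900, 310, 295, 305, 320, 298],  # one past outlier
}
# Constructed totals for today; "new-host" has no history at all.
TODAY = {"fileserver": 860, "hr-laptop": 1900, "build-box": 330, "new-host": 500}

def robust_threshold(samples, k=6.0, floor_mb=50.0):
    """Median plus k times the median absolute deviation (MAD).

    Unlike mean and standard deviation, one earlier spike (build-box above)
    does not inflate the baseline and hide the next one. floor_mb stops very
    steady hosts from alerting on trivial changes.
    """
    med = median(samples)
    mad = median(abs(x - med) for x in samples)
    return med + max(k * mad, floor_mb)

def outbound_spikes(history, today, **kwargs):
    """Return (host, sent_mb, limit_mb) for hosts above their own baseline.

    Hosts with no history are reported with a limit of None so that they are
    reviewed rather than silently skipped.
    """
    findings = []
    for host, sent in sorted(today.items()):
        past = history.get(host)
        if not past:
            findings.append((host, sent, None))
            continue
        limit = robust_threshold(past, **kwargs)
        if sent > limit:
            findings.append((host, sent, round(limit, 1)))
    return findings
```

On the constructed data only `hr-laptop` and the unbaselined `new-host` are reported; pair each finding with the destination addresses from your firewall or flow logs before drawing conclusions.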
Reduced Network speed
If you’ve noticed a considerable drop in the speed of your network, this could be the result of hackers transferring data out of your network or using it for other nefarious purposes. Operating speeds can be reduced by either the transfer of files within your network, or the installation of software – without the organisation’s knowledge – that works in the background and drains processing power from your network. This is perhaps one of the most significant of the 13 signs that your organisation has been hacked.
Large amount of connection attempts to your network
If you have received emails from service providers asking for two-factor authentication or warning that there has been an unusual number of login attempts to access your network, this could be another sign that your system is compromised. Hackers often launch brute force attacks on login credentials, which can be optimised with phishing campaigns in the unusual emails we talked about earlier.
13 Signs Your Organisation Has Been Hacked
Large volumes of help requests or inquiries
In the same way that emails from the executive team can be spoofed by hackers requesting the purchase of things like gift cards, hackers also commonly use help requests for their attempts to compromise a network. If your IT team is receiving an unusual number of help requests from members of your team, contact these team members directly and confirm they were the original sender. If not, it’s likely a hacker is using help requests to fool a member of your team into handing over sensitive information that will help them further compromise your network.
Unusual privileged user account behaviour
One of the most important parts of setting up an information security system is ensuring that members of staff only have access to the files they need for their job, and the most sensitive parts of your network are restricted to only a few privileged users. If, for example, a member of your team is accessing a part of the network they have no discernible need to access, follow up with them directly and ensure that their email domain is not being spoofed by an outside threat actor. This is one of the 13 signs your organisation has been hacked that can actually be tackled directly with information security policies internally.
Large volumes of file requests
If you’ve noticed that there is a higher than usual demand for file downloads and requests, it’s time to dig deeper and determine why. If members of your staff need access to more files for their activities, you can verify this and grant access. If, however, there has been no demand from members of your staff, yet there are still requests for access, the source of these file requests may well prove to be hackers looking to dig deeper into your network.
Unknown login notifications
Typically, a service provider you use will send a notification if it notices that someone has attempted to log in to your network from a completely different IP address to your organisation’s typical set of IP addresses. If there is no rational explanation for this, the cause could likely be found in the fact that hackers are attempting to make their way into your network with a range of tactics. While your organisation should be notified of these attempts, it’s important to take note of any suspicious login attempts or notifications.
One of the most simple ways to detect a cyber breach is to determine where the traffic has originated from, and if it looks suspicious, the cause is likely an attempted cyber attack against your organisation. Your IT team will have a clear picture of where your ‘usual’ traffic originates, so compare these with any anomalies you experience with an extremely critical eye. A sudden spike in traffic from China, for example, can be a clear signal that your network is being targeted by attackers.
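Both the login-attempt warnings and the unknown-login notifications discussed above can be checked against your own authentication logs. The following is an added example, not part of the original article; the log format, the address ranges and the thresholds are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: the organisation's usual source ranges (documentation-only addresses).
KNOWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/28")]

# Constructed sample in a hypothetical "time user= src= result=" log format.
SAMPLE_LOG = """\
2024-05-01T09:00:12 user=alice src=192.0.2.15 result=ok
2024-05-01T09:03:40 user=bob src=203.0.113.7 result=fail
2024-05-01T09:03:55 user=bob src=203.0.113.7 result=fail
2024-05-01T09:04:10 user=carol src=203.0.113.7 result=fail
2024-05-01T09:04:31 user=bob src=203.0.113.7 result=fail
2024-05-01T09:05:02 user=bob src=203.0.113.7 result=ok
2024-05-01T11:20:00 user=dave src=198.51.100.9 result=fail
2024-05-01T13:45:00 user=alice src=203.0.113.200 result=ok
"""

def parse(log):
    """Yield (time, user, source address, result) for each log line."""
    for line in log.splitlines():
        stamp, *pairs = line.split()
        f = dict(p.split("=", 1) for p in pairs)
        yield datetime.fromisoformat(stamp), f["user"], ipaddress.ip_address(f["src"]), f["result"]

def review_logins(log, max_failures=3, window=timedelta(minutes=5)):
    """Flag logins from unfamiliar sources, failure bursts, and successes that follow a burst."""
    findings = {"unknown_source": [], "failure_burst": set(), "success_after_burst": []}
    failures = defaultdict(list)
    for when, user, src, result in parse(log):
        if result == "ok":
            if not any(src in net for net in KNOWN_NETWORKS):
                findings["unknown_source"].append((user, str(src)))
            # A success from a source that was just guessing passwords is the
            # highest-priority finding: treat that account as compromised.
            if str(src) in findings["failure_burst"]:
                findings["success_after_burst"].append((user, str(src)))
            continue
        # Keep only this source's failures that fall inside the sliding window.
        failures[src] = [t for t in failures[src] if when - t <= window] + [when]
        if len(failures[src]) >= max_failures:
            findings["failure_burst"].add(str(src))
    return findings
```

Run over the constructed sample, `review_logins(SAMPLE_LOG)` reports two successful logins from unfamiliar addresses, one source with a burst of failures, and one account (`bob`) that logged in successfully straight after that burst.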
Database extractions, downloads or restrictions
Ensure that any and all sensitive data is contained within a network that monitors file extractions and downloads. Placing restrictions on virtual areas of your operations that contain sensitive data like client or financial information will help you monitor when there are any attempts to extract this type of data. The reverse also applies, whereby a hacker will place a restriction on your ability to access certain files and parts of your network, so if you’ve noticed you’re unable to open certain files, it’s time to do some due diligence and find out why.
If you’ve received a ransomware message, unfortunately, it’s likely that your organisation has already been breached; however, the hackers in question may also be bluffing. In a ransomware attack, hackers will make either your entire network, or parts of it, inaccessible until a ransom is paid. By the time you receive a message confirming your organisation has been targeted by a ransomware attack, chances are the hackers are already inside and are beginning their extortion campaign.
Suspicious email requests or notifications
If your organisation is suddenly being contacted by strangers with opportunities that seem too good to be true, it’s essential that you treat these with scepticism. Hackers will often appeal to the organisation’s desire to grow, and can offer opportunities to be featured in the media, or propose a new, exciting business proposal. If you’ve been contacted out of the blue by someone offering a project, do not open any attachments or click links provided, and cross-reference their email domain and confirm they are a real person before replying. This, unfortunately, is one of the most significant, yet difficult-to-spot, signs that you’ve been hacked.
Large data breaches of a service your organisation uses
The final sign that your organisation may have been hacked is perhaps the easiest to forget about completely. As you expand your organisation, it’s likely that you’ve signed up for a number of digital services that help you become more efficient. The downside is that these platforms, like any, remain prone to cyber attacks and are particularly valuable because they are essentially a treasure trove of email addresses and passwords that hackers can use in future campaigns. These providers are typically required to contact their customers in the event of a data breach, but there is the persistent risk that you won’t be made aware of such a breach, and your passwords can be compromised, leading to a more personal attack on your operations.
We keep a keen eye on the world of cybersecurity here on the Best Practice News Page, so subscribe and we’ll keep you updated on the latest and most severe data breaches.
As we wrap up this piece, we’ll be sure to follow it up with a list of the best practices in response and precautionary measures when it comes to cyber attacks. We’ll talk about what to do if your organisation has been hacked, as well as propose ways in which your organisation can better protect itself.
As a reminder, ISO 27001 is an internationally-recognised information security standard that has been developed to give organisations, regardless of their size, the tools and guidance they need to protect their networks and ensure the customer data they’ve collected remains in safe hands.