Could you have been breached and not even know it?
The average time to identify a breach in 2023, according to IBM, was 212 days.
That’s 212 days a cybercriminal could be sitting in your system, watching and waiting for the ideal time to strike, usually when it’s most lucrative: for example, jumping into the middle of an email chain to change the payment details to their own. Yes, we’ve definitely seen that done and it isn’t difficult either. What’s more, you have no idea it’s taking place because you don’t know there’s anyone in your system. In fact, the first time you’ll realise something is amiss is when the person you thought you’d paid asks where the payment is.
They can’t get past our firewall
It may surprise you that one of the main ways cybercriminals get into systems isn’t through tackling complicated hardware deterrents. I’m not saying that these aren’t extremely important to have, but you also have to protect one of the key weak areas that is all too frequently left totally unprotected.
In the words of Kevin Mitnick, a notorious hacker, now turned good guy:
‘Companies spend millions of dollars on firewalls, encryption, and secure access devices and it's money wasted because none of these measures addresses the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.’
Is it enough if I train my staff?
If training alone were enough, then there would never be any mistakes. Humans are social beings; we like to help and thrive in doing so. This is a fact that cybercriminals prey on. They are no longer lone workers, but groups of highly skilled hackers and experts at socially engineering us poor victims into giving away vital usernames and passwords for systems like Microsoft 365.
In fact, according to the World Economic Forum, 95% of cybersecurity breaches are caused by human error.
Suspicious emails can look 100% authentic, even as if they’ve come from a member of your own team, and they are hard for us to spot. We work in this field day in and day out, so for anyone who doesn’t it’s almost impossible.
Well, aren’t we safe if we use MFA?
MFA, or multi-factor authentication, means you are not let in on a password alone but have to provide another form of authentication, such as an authenticator app or a code sent to your mobile phone. It is much better than just a password, but it certainly isn’t infallible. Cybercriminals have various methods of getting around it, but never underestimate that the easiest way for them is to have gained a person’s username and password for their Microsoft 365 account. When the MFA prompt then appears, a high proportion of people will accept the request without even thinking about it. We know because we’ve seen this happen time and again!
How do they hide without me knowing?
I won’t go into technical details, but to keep it simple, in Microsoft 365, for example, if a cybercriminal managed to gain entry to your system, the main thing we have seen them do is to then set up a well-hidden forwarder. This means they can then spy on all of your email activity: every single thing you send and receive, and you won’t even know they’re there. It’s not going to tell you.
They may even set themselves up with an admin role so that they can get hold of the really important stuff in your business, and you won’t even know.
You may even have important information leave your business and you still would be in the dark.
We won a new customer recently and they had this very thing go on, but their existing IT company had no idea that they had been breached. The cybercriminals had hidden themselves nicely in the system. We were called in to double-check, and only by running our sophisticated tools did we find the hidden forwarders on the system.
Threats are not always external!
It always amazes me how businesses can be so aware of external threats, but then overlook that they could just as easily have internal breaches.
How do you know who has access to your emails? Are you sure no one else has secretly granted themselves access? How would you know if they did?
Do you know if one of your employees is secretly sending files out of the business?
How long does it take you to find these things out? Could it be happening right now, or could it have been going on for some time?
We all have to protect against this kind of thing. It’s all well and good saying it wouldn’t happen, but it DOES.
It’s not all doom and gloom!
So, if people are your main weak spot and training isn’t always going to work, you may wonder how you can protect against this type of threat.
It always helps to relate back to the physical world. You put sophisticated locks and bolts onto your doors and windows to prevent entry into your offices, analogous to antivirus and firewalls for your cyber premises.
However, if you want to take more steps to ensure you are protected, you put in alarms and CCTV systems that monitor and alert you the minute any rogue entry is made into your business premises.
So, in much the same way you need to protect your cyber world. If any of your staff inadvertently give away their Microsoft 365 username and password and someone manages to gain entry using these, you need to know rapidly and it doesn’t matter what time of the day or night it is.
Your downtime is a cybercriminal’s uptime
Just because you may be sleeping in the middle of the night, enjoying an exotic holiday with your family, or tucking into Christmas dinner, don’t think cybercriminals are taking a break too.
They use these ‘quieter’ moments to operate when they are less likely to be detected. Some of them even enjoy the ‘thrill’ of ruining Christmas by biding their time and then striking on this day, when they also feel victims may be far more likely to pay ransom demands.
Monitor, monitor, monitor
So, cybercrime is a modern-day crime we can’t get away from, but we can do something about it.
Make sure you put in the necessary hardware stops as you do in your physical premises and then make sure you put in a sophisticated monitoring and alerting system that lets you know the instant any suspicious incident is detected, be it logins from an unusual area, new admins being created, documents leaving the business, people having unapproved access to your mailbox…
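As an added illustration (not part of the original post and not the tooling it mentions), the Python sketch below shows what alerting on three of these signals can look like: mail forwarded outside the business, new mailbox access being granted, and a new admin role assignment. The records are constructed samples shaped like Microsoft 365 audit log entries and reduced to a few fields; the domain names and the exact record layout are assumptions.

```python
import json

OWN_DOMAINS = {"contoso.example"}  # assumption: the tenant's own mail domains
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}

# Constructed sample records (one JSON object per line), reduced to the fields used below.
SAMPLE_LOG = """\
{"CreationTime":"2024-01-06T02:14:09","Operation":"New-InboxRule","UserId":"pat@contoso.example","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"smtp:drop@mail-relay.example"}]}
{"CreationTime":"2024-01-06T09:02:41","Operation":"Set-Mailbox","UserId":"it@contoso.example","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:accounts@contoso.example"}]}
{"CreationTime":"2024-01-07T23:51:30","Operation":"Add-MailboxPermission","UserId":"sam@contoso.example","Parameters":[{"Name":"Identity","Value":"ceo@contoso.example"},{"Name":"User","Value":"sam@contoso.example"},{"Name":"AccessRights","Value":"FullAccess"}]}
{"CreationTime":"2024-01-08T03:05:12","Operation":"Add member to role.","UserId":"pat@contoso.example","ObjectId":"newadmin@contoso.example"}
{"CreationTime":"2024-01-08T08:30:00","Operation":"UserLoggedIn","UserId":"sam@contoso.example"}
"""


def external_addresses(value):
    """Return the addresses in a forwarding parameter that fall outside OWN_DOMAINS."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower().removeprefix("smtp:")
        if "@" in addr and addr.rsplit("@", 1)[1] not in OWN_DOMAINS:
            found.append(addr)
    return found


def triage(lines):
    """Return (alert_type, actor, detail) tuples for records worth a human look."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        op, actor = rec.get("Operation", ""), rec.get("UserId", "?")
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        if op in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
            # Forwarding inside the business is left alone; only external targets alert.
            for name in sorted(FORWARD_PARAMS.intersection(params)):
                alerts += [("external-forward", actor, a) for a in external_addresses(params[name])]
        elif op == "Add-MailboxPermission":
            alerts.append(("mailbox-access", actor, f"{params.get('User')} -> {params.get('Identity')}"))
        elif op == "Add member to role.":
            alerts.append(("role-grant", actor, rec.get("ObjectId", "?")))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOG.splitlines()):
        print(alert)
```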
If you’re in the know, you’re showing ‘due diligence’ and ticking the boxes for GDPR, which is all any of us can do.
In the words of former hacker, Kevin Mitnick:
‘You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.’
However, you can certainly make it so that you can sleep easier at night knowing that you don’t have a cybercriminal hiding out in your system. Who wants to leave that to chance?