Organizations are being breached every day at an astounding rate. Hackers typically do not discriminate by the size of the organization, but rather focus on how soft the target is. In layman’s terms, this means how easy it is to get around a target’s security.
Most people mistakenly believe that when they are breached, they will know. This isn’t always the case.
In this blog, we discuss how small businesses can discover if they have been breached and methods to decrease the time between a hack and the discovery.
Hackers Don’t Discriminate
A hacker may choose to attack a business or organization for a number of different reasons: to stick it to the man, for a righteous cause, to increase the size of a botnet, to obtain a source of revenue, etc. There’s a misconception from many small business owners that I talk to, who believe they won’t be a target because of the size of their business.
Unfortunately, those business owners are wrong.
Step into the shoes of a hacker for just a moment. Whose business would you break into? One with cameras everywhere, or another with no visible cameras, no lights on, and a nice dark alley to use to sneak in?
Probably the second, which is a metaphor for a small company on the internet. Most of these entrepreneurs have little to no security in place to stop or detect online attacks on their business.
How Do I Detect an Attack?
Detection starts by having defenses in place. Luckily, software and tools that put these defenses in place are relatively cheap or even free to implement in 2019.
So, now where should you get started?
The first step is to make sure you have antivirus software installed. If you’re using a PC, Windows Defender has a detection ratio close to that of many paid services.
This kind of service doesn’t stop a motivated hacker, but it does increase the difficulty of a hacker’s task. With multiple free options like Windows Defender available, taking the first step is easy.
Secondly, I recommend EDR tools. EDR stands for Endpoint Detection and Response, which essentially means you have more insight on what’s going on across all of your computers. Back in the day, EDR tools were expensive to own, but antivirus vendors these days are including these tools as part of their antivirus offerings, and they usually do so at a reasonable price.
Unlike normal antivirus solutions, EDR tools tell you the chain of activity around an event. This comes in handy during an investigation, and EDR tools have much more advanced detection capabilities than basic antivirus software. Additionally, for IDSA and HIPAA compliance, this tool helps satisfy your logging requirement for endpoints.
Thirdly, I would recommend using a code scanning solution for your website. Code scanning solutions look for malicious snippets within the code that is used to build your website. With the development of programs such as bug bounties, flaws in code are being discovered at a very rapid rate every day.
Both the good and bad guys are taking advantage of discoveries and out-of-date servers. To help prevent malicious acts, it would be prudent to invest in code scanning services. These services are sometimes referred to as site scanners and are typically affordable enough to implement no matter how small your business might be.
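To make "malicious snippets" concrete, here is a minimal site scanner as an added example; it is not code from this post or from any scanning vendor. The rule names, the patterns and the two-page sample site are constructed for illustration, and a commercial scanner uses a far larger, maintained rule set.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules (assumed, not a vendor signature set): constructs that are
# rare in legitimate site code but common in code injected after a compromise.
RULES = {
    "eval-of-decoded-data": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(display\s*:\s*none|(width|height)\s*=\s*[\"']?0\b)", re.I),
    "long-encoded-blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
WEB_EXTENSIONS = {".php", ".html", ".htm", ".js"}

def scan_text(text):
    """Return sorted (line_number, rule_name) pairs for every rule hit."""
    return sorted(
        (lineno, name)
        for lineno, line in enumerate(text.splitlines(), start=1)
        for name, pattern in RULES.items()
        if pattern.search(line)
    )

def scan_tree(root):
    """Scan web files under root; return {relative_path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTENSIONS:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Scan a constructed two-page site; the payload strings are inert samples."""
    pages = {
        "index.html": "<html>\n<body><h1>Our bakery</h1></body>\n</html>\n",
        "contact.php": "<?php\n$title = 'Contact us';\n"
                       "eval(base64_decode('Q09OU1RSVUNURUQ='));\n"
                       "echo '<iframe src=\"//placeholder.invalid\" width=\"0\"></iframe>';\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in pages.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `scan_tree` at a copy of your web root on a schedule and reviewing any new hits shortens the gap between a site compromise and its discovery; a hit is a lead to investigate, not proof of a breach.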
Lastly, you can rely on someone else to report issues directly to your desk. This route isn’t optimal but has become more common over time.
Independent researchers and law enforcement are the most likely people to make these reports. Unfortunately, depending on how small your business is, having a company monitor your network might not be feasible.
The fact is, most businesses, no matter their size, find out about a breach well after the attacker has taken over their network.
Having serious detection capabilities costs money, which small businesses don’t always have available to spend.
For this reason, your best bet is to invest in the areas described above and to make sure that you’re educating your entire company about the dangers of hacking. User awareness training is the most cost-effective and impactful investment you can make as a business owner.
Make sure you follow any regulatory guidelines for technical implementations and invest in your people. Also, make sure you have a good layered defense implemented and always maintain updates. These activities often deter many attackers, much like having a camera in your shop may prevent a criminal from robbing your store.
Co-founder + Ethical Hacker
Micheal has over 13 years of combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.