Cyber security for business

Cyber security breach detection

Guide

It's not always easy to tell if your business has experienced a cyber security breach. Attackers use a variety of ways to avoid detection and stay in your system long enough to harvest as much data as possible. Sometimes, it can take months - and often longer - to realise that an attack has taken place. By that stage, it may have already caused a significant impact on your business or customers.

How to detect a security breach

Detecting cyber attacks is a challenge even for the experts, but certain warning signs could indicate that a cyber breach or intrusion is underway. For example:

  • suspicious network activity (eg strange file transfers or login attempts)
  • sudden changes to critical infrastructure or system passwords and accounts
  • suspicious files in your system, which may or may not have been encrypted
  • suspicious banking activities and transactions
  • inexplicable loss of access to your network, email or social media accounts
  • leakage of customer details, client lists or company secrets
  • unusually slow internet connections and intermittent network access
  • error signs or warnings in browsers, anti-virus or anti-malware tools alerting you to infections

See how to detect spam, malware and virus attacks.

If you have a business website, you should monitor it for any anomalies that suggest an attack may be in progress. For example:

  • unexplained inconsistencies or questionable extras in your code
  • problems with administrative logins or accessing management functions
  • unexplained changes in traffic volume (eg sudden and drastic drop)
  • unexplained changes in the design, layout or content of your site
  • performance issues affecting the availability and accessibility of your website

Criminals are constantly finding new ways to exploit vulnerabilities, so it's important to be aware of current and emerging threats.

Staying up to date with the latest threats

You can keep an eye on the latest cyber threat alerts or subscribe to the Early Warning Service from the National Cyber Security Centre (NCSC) to learn of potential cyber attacks on your business network.

Breach detection systems

Breach detection tools (also known as intrusion detection tools) can help identify threats inside your network. They are either software or hardware products capable of recognising active threats and alerting relevant security staff that they need to take action. For example, you can set up these tools to monitor the network and send an alert if they detect:

  • suspicious user behaviour
  • vulnerabilities in the network
  • threats in applications and programs

These tools focus on identifying intrusions after they happen, containing and controlling the breach, and mitigating the damage. Many different products exist in the market, from open source tools to commercial packages. Read more about business data breach and theft.

How to contain and control a cyber breach

Security and data incidents are becoming increasingly frequent. No single product or method can guarantee that your business' cyber defences will hold. That's why it is really important to consider and decide in advance how you will manage your response to a cyber breach.

You should develop a comprehensive cyber security incident response plan to help you contain and recover from any potential breach. Detailed guidance on this is available in the NCSC's:

If you detect an intrusion or an attempted attack on your business, you should report it to the relevant authorities.