Could You Have Been Breached And Not Even Know It?

If your account is breached, how would you know? A clever cybercriminal, on gaining access to an account, would not necessarily take immediate action. They may linger for some time, taking advantage of their access to explore what you have access to, examine your data, and read your email transactions, waiting for the moment to pounce. In this article by one of our security partners, we dispel some myths and examine some scary truths about how malicious actors take advantage of access.

Scary stuff, isn’t it?

Or, maybe you’re thinking, ‘Of course I’d know!’ or ‘They can’t get in. We have a robust firewall, etc, etc…’

Well, let me tell you: according to IBM, the average time to identify a breach in 2021 was 212 days.

That’s 212 days a cybercriminal could be sitting in your system, watching and waiting for the ideal time to strike, usually when it’s most lucrative, i.e. jumping into the middle of an email chain to change the payment details to their own. Yes, we’ve definitely seen that done and it isn’t difficult either. What’s more, you have no idea it’s taking place because you don’t know there’s anyone in your system. In fact, the first time you’ll realise something is amiss is when the person you thought you’d paid asks where the payment is.

They can’t get past our firewall

It may surprise you that one of the main ways cybercriminals get into systems isn’t through tackling complicated hardware deterrents. I’m not saying that these aren’t extremely important to have, but you also have to protect one of the key weak areas that is all too frequently left totally unprotected.

In the words of Kevin Mitnick, a notorious hacker now turned good guy:

‘Companies spend millions of dollars on firewalls, encryption, and secure access devices and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, operate and account for computer systems that contain protected information.’

Is it enough if I train my staff?

If training alone were enough, then there would never be any mistakes. Humans are social beings: we like to help and thrive in doing so. This is a fact that cybercriminals prey on. They are no longer lone workers, but groups of highly skilled hackers, expert at socially engineering us poor victims into giving away vital usernames and passwords for systems like Microsoft 365.

In fact, according to the World Economic Forum, 95% of cybersecurity breaches are caused by human error.

It’s hard for us to spot suspicious emails, which can look 100% authentic and even as if they’ve come from a member of our team. We work in this field day in, day out, so for anyone who doesn’t it’s almost impossible.

Well, aren’t we safe if we use MFA?

MFA, or multi-factor authentication, means you aren’t let in by a password alone: you have to provide another form of authentication, through an authenticator app or a code sent to your mobile phone. It is much better than just a password, BUT it certainly isn’t infallible. Cybercriminals have various methods of getting around it, but never underestimate that the easiest way for them is to have gained a person’s username and password for their Microsoft 365 account. When the sign-in calls for MFA, a high proportion of people will just accept the request without even thinking about it. We know because we’ve seen this happen time and again!

How do they hide without me knowing?

I won’t go into technical details, but to keep it simple, in Microsoft 365, for example, if a cybercriminal managed to gain entry to your system, the main thing we have seen them do is to then set up a well-hidden forwarder. This means they can then spy on all of your email activity: every single thing you send and receive, and you won’t even know they’re there. It’s not going to tell you.

They may even set themselves up with an admin role so that they can get hold of the really important stuff in your business, and you won’t even know.

You may even have important information leave your business and you still would be in the dark.

We won a new customer recently and they had this very thing go on, but their existing IT company had no idea that they had been breached. The cybercriminals had hidden themselves nicely in the system. We were called in to double-check and only through running our sophisticated tools did we find the hidden forwarders on the system.
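
One way to check a tenant for the forwarders described above, as an added example (it is not from the original article and is not the author’s tooling): a read-only Exchange Online PowerShell audit of mailbox-level forwarding and forwarding inbox rules. It assumes the ExchangeOnlineManagement module and an account allowed to read all mailboxes; the helper name Get-ExternalAddress is made up for this example.

```powershell
# Added example: read-only audit of forwarding settings in Exchange Online.
# Assumes the ExchangeOnlineManagement module and rights to read every mailbox.
Connect-ExchangeOnline

# Domains this tenant owns; any other destination domain is treated as external.
$internalDomains = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() }

function Get-ExternalAddress {
    # Hypothetical helper: pull SMTP addresses out of a forwarding value
    # and keep only those whose domain is not one of the tenant's own.
    param([string]$Value)
    [regex]::Matches($Value, '[\w.+-]+@[\w.-]+') |
        ForEach-Object { $_.Value.ToLower() } |
        Where-Object { ($_ -split '@')[-1] -notin $internalDomains }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1. Mailbox-level forwarding: set on the mailbox itself, so it does not
    #    appear in the user's own list of inbox rules.
    $target = "$($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)".Trim()
    if ($target) {
        [pscustomobject]@{
            Mailbox  = $mbx.UserPrincipalName
            Source   = 'Mailbox forwarding'
            Rule     = ''
            Enabled  = $true
            Target   = $target
            External = (Get-ExternalAddress $target) -join ', '
        }
    }
    # 2. Inbox rules that forward or redirect, including rules flagged as hidden.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName -IncludeHidden) {
        $target = (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }) -join '; '
        if ($target) {
            [pscustomobject]@{
                Mailbox  = $mbx.UserPrincipalName
                Source   = 'Inbox rule'
                Rule     = $rule.Name
                Enabled  = $rule.Enabled
                Target   = $target
                External = (Get-ExternalAddress $target) -join ', '
            }
        }
    }
}

# External destinations first; every row should be a forward someone can account for.
$findings | Sort-Object { [bool]$_.External } -Descending | Format-Table -AutoSize -Wrap
```

A `ForwardingAddress` value names a recipient object such as a mail contact rather than an SMTP address, so rows with an empty External column still need the target resolved and checked by hand.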

Threats are not always external!

It always amazes me how businesses can be so aware of external threats, but then overlook that they could just as easily have internal breaches.

How do you know who has access to your emails? Are you sure no one else has secretly granted themselves access? How would you know if they did?

Do you know if one of your employees is secretly sending files out of the business?

How long does it take you to find these things out? Could it be happening right now, or could it have been going on for some time?

We all have to protect against this kind of thing. It’s all well and good saying it wouldn’t happen, but it DOES.

It’s not all doom and gloom!

So, if people are your main weak spot and training isn’t always going to work, you may wonder how you can protect against this type of threat.

It always helps to relate back to the physical world. You put sophisticated locks and bolts onto your doors and windows to prevent entry into your offices, analogous to antivirus and firewalls for your cyber premises.

However, if you want to take more steps to ensure you are protected, you put in alarms and CCTV systems that monitor and alert you the minute any rogue entry is made into your business premises.

So, in much the same way, you need to protect your cyber world. If any of your staff inadvertently give away their Microsoft 365 username and password and someone manages to gain entry using these, you need to know rapidly, and it doesn’t matter what time of the day or night it is.

Your downtime is a cybercriminal’s uptime

Just because you may be sleeping in the middle of the night, enjoying an exotic holiday with your family, or tucking into Christmas dinner, don’t think that cybercriminals are taking a break too.

They use these ‘quieter’ moments to operate when they are less likely to be detected. Some of them even enjoy the ‘thrill’ of ruining Christmas by biding their time and then striking on this day, when they also feel victims may be far more likely to pay ransom demands.

Monitor, monitor, monitor

So, cybercrime is a modern-day crime we can’t get away from, but one we can do something about.

Make sure you put in the necessary hardware stops like you do in your physical premises and then make sure you put in a sophisticated monitoring and alerting system that lets you know the instant any suspicious incident is detected, be it logins from an unusual area, new admins being created, documents leaving the business, people having unapproved access to your mailbox…

If you’re in the know, you’re showing ‘due diligence’ and ticking the boxes for GDPR, which is all any of us can do.

In the words of former hacker, Kevin Mitnick:

‘You can never protect yourself 100%. What you do is protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.’

However, you can certainly make it so that you can sleep easier at night knowing that you don’t have a cybercriminal hiding out in your system. Who wants to leave that to chance?

Interested in finding out more?

If this sounds like something you need help taking care of or you’re just interested in finding out more about how monitoring can improve your security posture, get in touch either via enquiries@macnamara.co.uk or connect with me (Geoff) through LinkedIn and send me a message.
