How to Detect a Data Breach | Insider Threat Monitoring

by Veriato | Jan 28, 2019

Recent findings report that on average, 96 percent of systems across all industry segments have been breached. While you should absolutely update your information security systems and protocols to provide the best protection you can for your data, you should also know how to spot a data breach. Unfortunately, the odds of escaping one aren’t in your favor, but you can increase your chances of spotting a breach quickly and containing any damage.

The best way to spot a data breach is to watch your systems for any abnormal activity. Monitoring software can help you detect any strange behavior, and your entire IT team should be educated to spot red flags.

Before you can detect a data breach, you need to establish baseline behavior for your network and users. A baseline tells you what “normal” activity looks like, so you can judge whether any activity falls outside that range. Software packages can establish those baselines for you and alert you to any activity that doesn’t align with them. You can then immediately investigate those actions and work to contain a breach.

Many actions and user behaviors may be signs of a breach. Here are a few to watch for, and to make sure your software is monitoring:

  • Abnormal login times and time spent working
  • Slow network speed
  • Heavier than usual network traffic
  • New users or devices on the network, or trying to connect to the network
  • Newly granted admin privileges
  • Malfunctioning software
  • Download or installation of new or unapproved software
  • Errors or gaps in application and system logs
  • Firewall has new open ports
  • Numerous failed logins
  • Unusually high activity for individual users

By watching and monitoring for these unusual behaviors and other activity that falls outside your network’s baseline, you will be able to quickly detect data breaches and contain any damage or fallout.
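The baseline-then-alert approach described above, applied to three of the listed signs (abnormal login times, new users or devices, numerous failed logins). This is an added example, not Veriato's code; the event format, user and device names, and both thresholds are assumptions, and the log lines are constructed.

```python
from collections import Counter
from datetime import datetime
FAILED_LOGIN_THRESHOLD = 5   # assumed value; tune to your environment
HOUR_SLACK = 1               # assumed tolerance around the observed login hours

# Constructed sample events: (timestamp, user, device, outcome)
HISTORY = [
    ("2019-01-14T08:55:00", "alice", "LT-0142", "ok"),
    ("2019-01-15T09:05:00", "alice", "LT-0142", "ok"),
    ("2019-01-14T09:40:00", "bob", "LT-0077", "ok"),
]
NEW_EVENTS = [
    ("2019-01-21T08:50:00", "alice", "LT-0142", "ok"),
    ("2019-01-22T02:13:00", "alice", "LT-0142", "ok"),
    ("2019-01-22T09:30:00", "bob", "PC-9001", "ok"),
    ("2019-01-22T11:00:00", "svc_tmp", "PC-9001", "ok"),
] + [("2019-01-22T13:0%d:00" % i, "bob", "PC-9001", "fail") for i in range(6)]

def build_baseline(events):
    """Record the login hours and devices seen in each user's successful logins."""
    baseline = {}
    for ts, user, device, outcome in events:
        if outcome == "ok":
            profile = baseline.setdefault(user, {"hours": set(), "devices": set()})
            profile["hours"].add(datetime.fromisoformat(ts).hour)
            profile["devices"].add(device)
    return baseline

def detect(events, baseline):
    """Return (timestamp, user, reason) for each event outside the baseline."""
    alerts, failures = [], Counter()
    for ts, user, device, outcome in events:
        if outcome == "fail":
            failures[user] += 1   # counted over the whole batch, no time window
            if failures[user] == FAILED_LOGIN_THRESHOLD:
                alerts.append((ts, user, "numerous failed logins"))
            continue
        profile = baseline.get(user)
        if profile is None:
            alerts.append((ts, user, "new user"))
            continue
        hour = datetime.fromisoformat(ts).hour
        if not min(profile["hours"]) - HOUR_SLACK <= hour <= max(profile["hours"]) + HOUR_SLACK:
            alerts.append((ts, user, "abnormal login time"))
        if device not in profile["devices"]:
            alerts.append((ts, user, "new device"))
    return alerts

if __name__ == "__main__":
    print(*detect(NEW_EVENTS, build_baseline(HISTORY)), sep="\n")
```

A production baseline would be learned from weeks of activity and would count failed logins within a time window rather than over a whole batch.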