SDN Blog

Look for unusual network activity to help detect breaches

Posted on Wednesday, February 14, 2018 in Cyber Rx



Network breaches are serious problems, but even IT professionals sometimes have difficulty detecting them early.

On average, organizations take 191 days to detect a breach and 66 days to contain the intrusion, according to a study by the Ponemon Institute, a Michigan company that conducts independent research in areas such as privacy, data protection and security policy.

As the study points out, the faster a breach can be identified and contained, the lower the cost to the victim company. Consider this:

  • About 52 percent of all data breaches in the United States are the result of malicious or criminal activity.
  • 24 percent of data breaches are the result of system glitches.
  • 24 percent of breaches are caused by human error.

Of course, humans often get tricked into unwittingly assisting criminals. I’m not sure how that reality factors into those numbers.

The cost of breaches varies from country to country, and the United States tops the list in terms of expense, according to Ponemon. In the United States, the average cost of a malicious or criminal data breach was $244 per compromised record.




A lot of small businesses in the Sioux Falls area probably could not survive a breach that involved thousands of compromised records.

I recently interviewed Ola Sage, who is the founder and chief executive officer of two small technology companies. One of her businesses, Maryland-based CyberRx, developed software designed to help businesses work through detailed, federal cybersecurity guidelines to assess and strengthen their protection strategy. SDN is a reselling partner of CyberRx services.

Sage’s other business is e-Management, an IT services company that serves federal government clients.

Among the questions I asked Sage was what small businesses should look for to detect breaches. She offered some suggestions, including:

  • A lot of system activity at unusual times.
  • The appearance of confidential or proprietary company information on the internet.
  • The experience of suffering a Distributed Denial of Service (DDoS) attack, which can prevent legitimate users from accessing a network or its services.
  • A privileged user account that has system activity at an unusual time.
  • The light on a webcam comes on briefly for no apparent reason.
  • A user gets an email with or without an attachment from a colleague and discovers the email was not sent by the colleague.
  • Network logs appear to have been tampered with.
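
Several of these signs can be checked automatically from activity logs. The following is an added example, not code from SDN or CyberRx: it scans constructed sample events for off-hours privileged activity, bursts of off-hours activity, and two rough signs of log tampering (timestamps that go backwards and long gaps). The log format, account names, business hours and thresholds are all assumptions to adjust per site.

```python
from collections import Counter
from datetime import datetime, time, timedelta

# Constructed sample events ("timestamp account action"); not real log data.
SAMPLE_LOG = """\
2018-02-12T08:58:10 jsmith login
2018-02-12T09:05:44 administrator login
2018-02-12T17:31:02 jsmith logout
2018-02-13T02:14:09 administrator login
2018-02-13T02:15:30 administrator file_read
2018-02-13T02:15:41 administrator file_read
2018-02-13T02:16:05 administrator file_read
2018-02-13T01:50:00 administrator logout
2018-02-14T09:00:00 jsmith login
malformed line
"""

PRIVILEGED = {"administrator", "root"}          # assumption: site-specific list
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumption: business hours
BURST = 3                      # assumption: off-hours events per account per day
MAX_GAP = timedelta(hours=12)  # assumption: longest expected quiet period


def scan(log_text):
    """Return (line_no, finding) tuples for the indicators listed above."""
    findings, prev, off_hours = [], None, Counter()
    for no, line in enumerate(log_text.splitlines(), 1):
        try:
            stamp, account, _action = line.split()
            ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        except ValueError:  # wrong field count or bad timestamp
            findings.append((no, "unparseable entry"))
            continue
        if not WORK_START <= ts.time() < WORK_END:
            off_hours[(account, ts.date())] += 1
            count = off_hours[(account, ts.date())]
            if account in PRIVILEGED and count == 1:
                findings.append((no, f"off-hours privileged activity: {account}"))
            if count == BURST:
                findings.append((no, f"off-hours activity burst: {account}"))
        if prev and ts < prev:
            findings.append((no, "timestamp goes backwards (possible tampering)"))
        elif prev and ts - prev > MAX_GAP:
            findings.append((no, "long gap in log (possible deleted entries)"))
        prev = max(prev, ts) if prev else ts
    return findings
```

A finding here is a prompt to investigate, not proof of a breach: scheduled jobs, on-call work and clock changes produce the same patterns.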

Additionally, Sage says, small and midsize businesses must keep their guard up for threats, such as email scams in which criminals use social engineering to access accounts and conduct unauthorized fund transfers.

Ransomware attacks also have become a common and serious threat, she said. Criminals use ransomware to encrypt a company’s files and make them unreadable until ransom is paid.

Obviously, the best strategy for fighting breaches is to prevent them. That requires a multi-layered approach to protection.

“You want to be proactive and continually assessing your environment to make sure you’re not susceptible,” said Jon Scarbrough, director of IT for SDN Communications.

Businesses need to have their defenses up for each of a variety of attack vectors, Scarbrough said.

A firewall needs to be in place to block infected traffic, for example, and antivirus and anti-malware software should be used to help detect and remove threats, he said.

Scarbrough also advises that businesses keep up with the OWASP Top 10, which is a regularly updated list of some of the most critical web application security risks. OWASP stands for the Open Web Application Security Project, an online community supported by the nonprofit OWASP Foundation. OWASP provides free reports and strategies to help companies address vulnerabilities.

Good, ongoing training for employees is necessary to reduce threats from phishing, which is an attempt by hackers to trick someone out of passwords, account numbers, other sensitive information or even cash.

For information on cybersecurity products and services available to businesses from SDN, visit the Cybersecurity service pages or call 800-247-1442.