Sometimes you don’t know your system has been hacked until it’s too late. The following guest post from cybersecurity defense expert Craig Petronella, based in Raleigh NC, spotlights three early warning indicators.
By Craig Petronella
Precursor warnings can only go so far when it comes to prevention of possible forthcoming attacks. While staying up to date on vendor advisories, intelligence sources, and security blogs are certainly important, it comes as too little too late for some victims. According to FireEye’s “M-Trends 2018” report, the global median dwell time between infiltration and discovery was 101 days in 2017, ranging from 75.5 days in the Americas to a whopping 498 days in Asia-Pacific. Do you know how to detect a breach on your network?
Below are three common event indicators that may signal your system is compromised.
The end of the year is a stressful time for everyone, but it’s especially stressful for lawyers and legal professionals. Closing out case matters, completing Q4 financials, shopping for presents, making holiday plans. There never seem to be enough hours in the day to get everything done. The key to easing your stress could be Micro Self-Care. What’s Micro Self-Care? Attend our annual wellness webinar “What is Micro Self-Care and Why Do You Need It?” on December 14 and find out. The presenter, Michael Kahn, is a JD and licensed therapist who concentrates in treating lawyers struggling with stress, depression, substance use disorders, and other career issues. This free, one-hour webinar is the latest in Alta Pro’s ongoing series of cutting-edge legal education programs. Sign up here.
Three Signs That Your System May Be Compromised
- Unusual Activity. Unusually high system or network activity, abnormal login times, abnormal login locations, unexpected user lockouts and unusual network ports activity can all be signs someone is working within your system.
- Software Issues. Every system has glitches, but repeated application crashes can signal something deeper. Configuration changes that can’t be traced back to approval, firewall changes, the presence of unexpected software or system processes, installation of startup programs, even repeated pop-ups on the web browser are all signs you need to look into a possible breach.
- Alerts. Notifications from your malware protection solutions as well as disabled solutions are obvious signs of an issue. So is a ransomeware message from an attacker. Internal reports can be very valuable sources, as often employees are the ones reporting issues. More subtle alerts, such as reports from outside contacts that they received unusual messages from your email or social media accounts should also raise suspicion of attack.
If you experience any of the indicators above do NOT alter anything on the suspected systems. Contact your IT expert immediately. If you are the IT guru, collect as much evidence of the breach as possible: log files, disk information, malware samples. Make a list of active users and network connections. Obviously, if the breach involves leaking personal information or intellectual property, it is better to stop the leak before gathering all the evidence. Also, check with your peers for potential containment solutions. This allows you to learn what others have already done to contain the incident and recover from it.
About the Author
Craig A. Petronella is the CEO of Petronella Technology Group Inc, a cybersecurity group that specializes in helping law firms with security and compliance. With 30 years of experience, he is the author of “How Hackers can Crush your Law Firm,” Peace of Mind Computer Support” and other titles. MIT Certified: AI, Blockchain & Hyperledger. Phone: 919-601-1601; Helpdesk Support: 919-422-2607. For information about a cyber-crime risk assessment call: 1-877-468-2721
Read “Cybersecurity Tips: Typical Signs of System Infiltration” by Craig Petronella here. (Post reprinted with permission.)
If you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan, you can stay on top of ethics and risk management news by being a member of Alta Pro Lawyers RPG. You’ll get access to free webinars, the Pro Practice Playbook, Reminger ProLink, Ask the Risk Pro and more. Here’s how to join.