Top 16 warning signs that could indicate a Cyber Breach

Detect Anomalous Activity Ahead of a Data Breach

It takes companies 228 days, on average, to identify a security breach, according to IBM. Attackers use a variety of ways to avoid detection once they've infiltrated your system and stay long enough to collect as much data as possible. By the time a breach is detected, attackers might have already caused significant damage to your business, your partners, suppliers and customers. When it comes to cybersecurity, it’s never been more important to prepare proactively.

Indicators Of Compromise

  There are a few typical event types you should look for to detect an intrusion. Warning signs that could indicate that a cyber breach or intrusion is underway include:
  • Login from a malicious IP address - The IP address has been associated with suspicious behaviour.

  • Atypical travel - Someone attempting to access an account from a location far from the user's locations.

  • Unfamiliar sign-in properties - Unusual sign-in attempts.

  • Password spray - Attempting multiple passwords to gain access.

  • Suspicious inbox forwarding & redirects - Forwards of email to another provider (a typical activity performed by hackers to continue to monitor emails).

  • Data deletion - Large deletions of data.

  • Anonymous IP address - Someone trying to obscure their IP address.

  • Malware linked IP address - An IP address that has been associated with prior attacks.

  • New country - Attempts from a different country.

  • Leaked Credentials - Someone using login details which have been leaked.

  • Suspicious email deletion activity - Deleting emails after intercepting email dialogue.

  • Data copied - Large copies of data.

  • Login from a principal user not seen in 60 days - Login after a long period of inactivity.

  • Vulnerability scanner detected - Attempts to scan for exploitable vulnerabilities.

  • Suspicious User Agent detected - Using a suspicious web client to access resources.

  • An event log was cleared - A hacker attempting to hide their activity by clearing the event logs.
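
Two of the indicators above, atypical travel and a login from a principal not seen in 60 days, can be checked by comparing each sign-in with the same user's previous one. The sketch below is an added example, not code from the original page or from any product it mentions; the record layout, the sample sign-ins and the 900 km/h speed limit are assumptions.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

DORMANT_AFTER = timedelta(days=60)  # threshold taken from the list above
MAX_SPEED_KMH = 900.0               # assumption: roughly airliner cruising speed

# Constructed sample sign-ins: (user, UTC timestamp, latitude, longitude)
SIGNINS = [
    ("alice", "2024-03-01T08:00:00", 51.5074, -0.1278),   # London
    ("alice", "2024-03-01T09:30:00", 40.7128, -74.0060),  # New York, 90 minutes later
    ("bob",   "2024-01-02T10:00:00", 53.4808, -2.2426),   # Manchester
    ("bob",   "2024-03-20T10:00:00", 53.4808, -2.2426),   # Manchester, 78 days later
    ("carol", "2024-03-01T08:00:00", 51.5074, -0.1278),   # London
    ("carol", "2024-03-01T12:00:00", 53.4808, -2.2426),   # Manchester, 4 hours later
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def detect(signins):
    """Return (user, timestamp, indicator) alerts for each user's consecutive sign-ins."""
    alerts, last = [], {}
    # ISO 8601 timestamps sort chronologically as strings
    for user, ts, lat, lon in sorted(signins, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_lat, prev_lon = last[user]
            gap = when - prev_when
            if gap > DORMANT_AFTER:
                alerts.append((user, ts, "dormant_account"))
            hours = gap.total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            # Two different places at the same instant is also impossible travel
            if km > 0 and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.append((user, ts, "atypical_travel"))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in detect(SIGNINS):
        print(alert)
```

Geolocation derived from IP addresses is approximate, and VPN or mobile-carrier egress points can trigger the travel check, so alerts like these are best treated as leads to confirm with the account owner.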

APEX® Advanced Threat Detection gives organisations a way to detect cyber-crime early. It uses machine learning to identify risky activities, and the knowledge of your staff to determine whether these activities are a threat in progress. APEX® ATD brings the mean time to detect down from 228 days to hours.