Cyber security for business

Cyber security breach detection


Spotting a cyber security breach is not always straightforward. Attackers often hide their activity to avoid detection and can remain undetected for months. Early detection can limit the impact of the breach on your business or customers.

How to detect a security breach

Look for warning signs that could indicate that a cyber breach or intrusion is underway. For example:

  • suspicious network activity, file transfers or login attempts
  • sudden password or account changes
  • suspicious or encrypted files in your system
  • unexpected banking transactions
  • inexplicable loss of network, email or social media access
  • leaked customer data or company secrets - see data breach
  • unusually slow connections or network issues
  • browser or antivirus warnings about infections

For websites, check for code anomalies, login failures, traffic drops, unexpected design changes or performance issues - especially those affecting availability and accessibility of your site.

See how to detect spam, malware and virus attacks.

Criminals are always developing new methods to stay ahead of defences. Stay informed on the latest threats – monitor the National Cyber Security Centre's (NCSC) cyber threat alerts or join their Early Warning Service for network alerts.

Breach detection tools

Intrusion detection systems (software or hardware) can help you monitor your network for active threats, including:

  • suspicious user behaviour
  • vulnerabilities in the network
  • threats in applications and programs

These tools monitor for known attack patterns or unusual activity, and alert security staff to take action. This helps contain the intrusion and limits the damage. Options range from free open-source solutions to commercial packages.

How to contain and control a cyber breach

No single tool can guarantee protection against a cyber breach, so it is important to develop a comprehensive cyber security incident response plan in advance. Planning helps you contain and recover from any potential breach.

Use these free NCSC resources to:

If you detect an intrusion or an attempted attack on your business, you should report it to the relevant authorities.