How to spot a cyberattack if you aren't a security pro


How to spot a cyberattack if you aren't a security pro

Cybersecurity awareness is straightforward if you know what to look for

Business owners and executives dread receiving that call: criminals have breached their computer systems. It may happen in a flash, but this moment is often the culmination of days to months of moves by cybercriminals, finding ways into systems, gaining control, and eventually executing an attack. It's the proverbial iceberg: the breach is just the visible tip of the operation.

"Vigilance and knowledge are the most powerful ways to deter cyberattacks," says Gerhard Swart, Chief Technology Officer at cyber security company, Performanta. "It's to the benefit of the criminals if only security teams know the signs of a building attack. Fortunately, anyone can grasp the fundamentals behind a cyberattack and highlight suspicious activities."

How to spot a cyberattack

Popular culture's depiction of a cyberattack is often very misleading - the cybercriminal figure is someone sitting in a dark room, typing a few commands into a laptop, then sitting back and sipping a drink while their code causes havoc. But the reality is very different.

Cyberattacks take place in multiple stages that can happen sequentially or concurrently. Security experts often refer to a standard blueprint called the Cyber Kill Chain, developed by Lockheed Martin, which describes seven stages: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions.

Briefly, the stages involve:

  • Reconnaissance: The criminals find targets and research their soft spots, such as weak passwords.
  • Weaponisation: The criminals prepare tools for the attack, such as malware or deepfakes.
  • Delivery: The criminals initiate an attack to try and enter the systems, often using phishing emails.
  • Exploitation: The criminals worm into the systems and prepare for a larger attack.
  • Installation: The criminals use their extended knowledge of the breached computer systems to install more tools and backdoors.
  • Command and control: The criminals expand their control to effectively run the breached systems.
  • Actions: The criminals launch their main assault. At this point, the breach often becomes visible.

Detection is better than cure

Knowing these details, how can you spot an attempted cyberattack? There are often telltale signs to look out for, namely:

  • A surge in phishing emails targeting your or your employees: emails that are not from where they claim to be, stress great urgency, or contain unsolicited attachments or links, should be treated with suspicion.
  • Unusual network traffic or file access attempts: reports of unexpected traffic or files being accessed, especially by accounts that normally don't do so (such as a sales account trying to access financial records).
  • Account logins at strange times or unusual locations: when someone logs in at 2am or from an undisclosed location, that can be a massive red flag.
  • Stolen or lost devices: Though stolen devices can be a case of petty theft, if someone loses a phone that can authenticate account logins, there is cause to take that seriously.
  • Passwords no longer work: if you cannot access an account yet didn't change the password, there is reason to be concerned.

The above signs might also result from other causes. But as the maxim goes, just because you're paranoid doesn't mean they aren't out to get you.

Business leaders can, however, do three things to strengthen their security.

Firstly, they should support and encourage security training for their staff, including regular tests, and do so supportively. Businesses should make their employees feel like part of the solution, not the problem. Secondly, businesses should encourage general vigilance - if someone notices something strange, they should speak up. Employees should be given accessible channels to notify security concerns, even frivolous ones. And thirdly, businesses should look to invest in technology services that improve detection, visibility and reporting. Security tasks can quickly overwhelm security and IT teams, while the right security services alleviate such pressure.

"When you stop that phishing mail or inform your security admin about suspicious activity, you deal a big blow to the attackers' plans," says Swart. "When companies combine good security habits and technologies with security-savvy employees, they become a very hard target and the bad guys usually go looking for something easier."

It might seem worth taking the risk. After all, what are the odds you will be attacked? Unfortunately, they are considerable as South Africa is a major cybercrime target, and fixing the damages of a cyberattack is very costly. Prevention is better and cheaper than cure! Even if you aren't a security pro, you can help spot cyberattacks and avoid such risks.

Article Courtesy of



Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.

Press Contact:

Mantis Communications
Kerry Simpson
Tel: 079 438 3252