An indicator of compromise (IOC) is a trace that a cyberattacker leaves behind on your system. Whether the trace was left intentionally or by mistake might not be clear initially. A cyberattacker might leave an indicator of compromise directly through system activity or indirectly through system modification.
Cyberattackers often take months to implement, escalate, and position their attacks correctly. In turn, this gives your cybersecurity teams more than enough time to find and stop a potential attack. An indicator of compromise can help you determine if an attack is happening. It can also give you the necessary breadcrumbs to help you determine what the attacker is after in the first place.
In this article, you’ll learn in more detail what an indicator of compromise is. It also shows several examples where using one might prove beneficial for your cybersecurity practices.