One of the biggest challenges with account breaches is how long they go unnoticed. If someone gains access to Microsoft 365, Google Workspace, or email, they often don’t start deleting files or spamming. Instead, they quietly observe, gather data, and wait for the right moment.
According to IBM’s Cost of a Data Breach Report, it takes an average of 204 days to detect a breach and another 73 days to contain it. That means attackers can lurk for nearly nine months before being stopped. Some reports put the average dwell time at 280 days, two thirds of a year.
It depends on the attacker. Sophisticated ransomware groups may corrupt backups for months before striking, while corporate espionage teams siphon data even longer. Smaller gangs or hacktivists, on the other hand, usually move fast, days instead of months. That’s why you need to spot the warning signs early.
Signs an Account Might Be Compromised
• New or changed MFA methods; attackers may disable or alter them.
• Unexplained account delegations or admin changes; hidden permissions are a red flag.
• Unusual file downloads or uploads; could signal data gathering.
• Notifications from external services; odd views or comments on shared items.
• Unexpected app alerts; may indicate silenced alarms.
• Changes to security or logging settings; sudden stops could mean sabotage.
What You Can Do This Week
• Enable MFA everywhere. It blocks most account takeovers.
• Do weekly sign-in spot-checks for odd times, devices, or locations.
• Audit email rules and delegations. Remove anything suspicious.
• Set alerts for logins from new devices or repeated failures.
• Monitor admin/security settings to catch quiet changes.
The longer attackers stay, the more damage they do. Breaches lasting over 200 days cost far more, around $5.46 million on average. The worst breaches are often silent until too late.
With a clear eye on the signs and a few proactive steps, you can catch them early. If you’d rather not dig through logs, we’ll handle it for you, monitoring activity, watching for changes, and alerting you at the first sign something’s off. All you need to do is reach out.