What are indicators of compromise (IoCs)?

Study for the Annual Security and Counterintelligence Awareness Exam with flashcards and multiple choice questions. Each question is paired with hints and explanations to enhance learning. Prepare effectively for your exam!

Indicators of compromise (IoCs) are key artifacts or signs that suggest a breach has occurred or is actively occurring within a network or system. The identification of IoCs helps security professionals in detecting, responding to, and mitigating potential threats or breaches.

Unusual network traffic and unauthorized access attempts represent concrete examples of IoCs. Unusual network traffic may indicate that an attacker is exfiltrating data or communicating with command-and-control servers, which are common tactics used during cyber attacks. Unauthorized access attempts signal that someone is trying to infiltrate a system or resource without proper credentials, which raises immediate suspicion of malicious activity. Both of these signs fall directly under the category of IoCs since they provide actionable insights into potential security incidents that need attention.

In contrast, the other options provided do not effectively encompass the broader definition of IoCs. Network failures may occur for various operational reasons and are not necessarily indicative of a security incident. Signs of physical theft in the workplace may reflect security breaches, but they do not address digital compromise. Similarly, regular employee logins to unauthorized systems could indicate negligence or policy violations, rather than direct indicators of compromise; IoCs focus specifically on activity that suggests an actual threat to the integrity of systems and data.
