Forensic readiness crucial to smooth operations | #eBizWires
Businesses of every type and size cannot run without information technology. The benefits and opportunities for innovation are numerous, but so are the risks.
Should the business fall victim to a security breach, or a natural disaster that brings it to a standstill, it needs to recover and get up and running as soon as possible. “For this reason, all organisations need to have strategies in place to cover incident response, awareness training, disaster recovery and business continuity,” says Simon Campbell-Young, Managing Director at Credence Security.
Not only can security events cause downtime and recovery hassles, they can also result in legal complications, insurance claims and regulatory issues. During the course of recovery and investigation, there may be claims against third-party partners, employees or even the business itself, depending on what led to the incident.
“The company needs to establish what caused the event. It could be carelessness or negligence; it could be malfeasance or fraud,” he adds. “This is why analysing the event and collecting digital evidence has become crucial.”
According to Campbell-Young, all incidents will leave digital footprints. “Irrespective of the system or device, a trail is always left. This is where cyber forensics, or using IT and legal knowledge to analyse and use the digital evidence found, comes in.”
Cyber forensics is mostly used for investigations that, due to regulatory or criminal elements, will end up in court, and as such, the evidence needs to be collected and stored in a legally acceptable manner. “This evidence is easy to lose or distort, and must be handled and preserved in a manner that guarantees that this hasn’t happened.”
He says there are several digital forensics tools and techniques that can be used to trace the trail of an event, recover any lost data and files, as well as for monitoring to establish whether any abuse has occurred. “But perhaps its most valuable application is the way these tools can be used to identify what caused the incident, and to gather evidence for use by law enforcement and the legal system.”
Every day, in the course of the running of the business, a slew of digital data and records are generated. “All these records and other bits of information can become critical pieces of the puzzle in the event of a security breach. Much of this data is stored and preserved as a matter of course by the disaster recovery and business continuity processes, as well as the data retention policies. All businesses have backup files, system monitoring logs, and even camera footage. However, there is a lot of digital information that isn’t stored automatically, and might be needed should a security event occur.”
Campbell-Young says this evidence could take the form of IM chats or emails, or even SMS messages on smartphones and other devices. “It is impossible to predict exactly what data may be required in the event of an incident, or whether it will be needed for regulatory purposes, or merely for an internal investigation.”
He says this is why forensic readiness is so important. “Forensic readiness helps a business automate its actions and activities so that retrieving digital evidence becomes second nature, without any issues. The ideal is to have systems in place that record and store digital evidence in the legally appropriate manner as a matter of course. In this way, irrespective of the incident, the evidence is available, without having to impact on operations or productivity.”
About Credence Security
Established in 1999, Credence Security, previously ARM, the region’s speciality distribution company, specializes in IT security, Forensics and Incident Response. Working closely with leading IT security vendors including AccessData, Fidelis CyberSecurity, eSentire and Digital Guardian, Credence Security delivers Cyber and IT Security technologies and solutions that protect organisations against advanced persistent threats, malicious adversaries and internal malpractice.