While the digitalisation of the business landscape offers never-before-seen opportunities, it also makes organisations more vulnerable to cyberattacks and breaches. Forensic readiness is the capability to preserve, collect, protect and analyse evidence following such incidents so that it can be used effectively in security investigations, in disciplinary proceedings, in employment tribunals or in a court of law. It is a measure of an organisation’s capacity to maximise its potential to use digital evidence while minimising the cost of an investigation and its impact on business.
While many organisations are aware of the importance and need for disaster recovery and business continuity plans, digital forensic investigations are still, for the most part, ad hoc affairs conducted after an incident. In a recent survey, 49% of executive and C-level respondents admitted that their organisation does not conduct forensic readiness exercises such as cyber wargaming (live test scenarios developed specifically with the business’s weaknesses and current security trends in mind). More than a third (34%) indicated that they do not know their individual role within their organisation’s cyber incident response plan.
Proactivity is key
Such a reactive approach is inappropriate on many levels. For a start, it puts extreme pressure on the investigation team to gather and process digital evidence before it becomes unavailable or gets modified. There’s also likely to be increased disruption to business and damage to reputation, particularly during the response phase, when keeping the cyber incident under control is the primary focus. Organisations face a considerable loss of revenue and clients, as well as the negative consequences of breaching regulations and law. It is therefore vital for organisations to become proactive, creating and maintaining conditions that will enable them to be prepared to respond quickly and effectively to any security breach.
Having the plans, policies, skills and capability within the business to gather, preserve and analyse digital evidence in the immediate aftermath of an attack – including legal and PR support, staff policies and procedures, asset inventories, geographical implications, etc – can help get the business back up and running sooner and minimise impact. With a plan already in place for gathering, preserving and analysing digital evidence, businesses can also focus on understanding the origin of an attack, taking steps to ensure it doesn’t happen again and beginning legal action where necessary.
Other benefits include: minimising the time and money spent on investigations; reducing disruption to operations; blocking the opportunity for malicious insiders to cover their tracks and deterring them from carrying out further activity; reducing the cost of meeting regulatory or legal requirements for disclosure of data and showing due diligence; and establishing good corporate governance and regulatory compliance practices. Having good information management policies, such as a forensic readiness policy, helps garner goodwill for the organisation, providing customers with a feeling that their transactions are secure and protected, and reassuring investors that threats to their returns are minimised.
Forensic readiness can also help to reveal potential incidents before they become a serious problem. It allows cyber threats to be uncovered, traced and prevented.
Businesses no longer ask how they can respond to a cyber incident when it occurs. Instead they’re asking themselves ‘how often will we need to respond’ or ‘how do we withstand persistent attacks’. Having forensic readiness and providing employees with the knowledge, practice and skills they need can help organisations mitigate risk through preparedness and increase overall business resilience.
Forensic readiness requires a great understanding of cyber security, the threats involved and an in-depth knowledge of the industry and business at risk. As these attacks become more and more common, businesses are employing specialists to mitigate the risks and help them recover more quickly. Designed specifically for ambitious professionals, the University of York’s online Computer Science with Cyber Security MSc means you can earn a Masters degree in an in-demand field from a world-class Russell Group university without putting your current career on hold. You can access course material and study any time, anywhere, on a variety of mobile devices, and with six start dates a year to choose from, you can start when best suits you. There’s also the option of paying per module so that you can split the cost of tuition fees across the duration of study. You may even be entitled to a UK government-backed postgraduate loan to cover the full cost of the course.