How Digital Forensics Detectives Investigate a Data Breach

By Travelers

If you suspect that your company’s data has been breached or compromised, you potentially face a number of time-sensitive and highly technical questions. As seasoned digital detectives in cyberspace, digital forensics teams can help companies piece together any evidence and understand the scope of a breach. The information they discover can help you protect your business and your customers now, and help prevent future breaches.

While many companies employ IT professionals, digital forensics requires a highly specialized skill set, according to Ken Morrison, AVP of Cyber Risk Management at Travelers. Although IT teams can get companies back in business following a breach, IT team members are often not trained in forensic investigation techniques that can prevent data from being altered. Travelers enlists digital forensics firms to investigate data breaches for cyber insurance customers.

“It’s no different from any other crime scene,” Morrison said, adding, “The most critical step is preservation of the evidence. If you don’t obtain the evidence properly, everything else you do may be rendered invalid if the case goes to court.”

The questions that digital forensics can help answer include:

  • Did a breach really happen?
  • What is the size and business impact?
  • How did the attack occur?

A digital forensics team will examine the network and look for signs of a lingering attack, such as malware or unauthorized user accounts, or accounts with unauthorized privileges. The team can determine if an attack is still ongoing and firm up the company’s defenses to halt continuing damage. Members of digital forensics teams who have worked with a variety of companies and breaches can bring with them more experience and insight than an in-house team with more limited external exposure might.

“Digital forensics teams can dig deep and turn around lessons learned that can help a company improve their network infrastructure and security,” said Morrison.

Understanding can aid recovery

Forensics professionals work closely with a company’s crisis communications team to provide the public and customers with up-to-date information about any private information that may have been compromised, and information on the steps being taken to help protect customers against future breaches.

Getting an accurate count of records that may have been breached is especially important for companies with data that includes private, protected client or customer information such as Personally Identifiable Information (PII) or Protected Health Information (PHI), which are subject to growing state and federal notification regulations.

In the increasingly complicated landscape of data breaches, digital forensics is becoming one of the critical tools that companies can use to piece together clues about the size and scope of a data breach as they work to stem the damage, meet their legal and regulatory requirements and assure customers that they are taking steps to help prevent such a breach from happening in the future.

Learn more about cyber insurance from Travelers.
