For centuries, recordkeeping was strictly analog. Diaries, ledgers, and receipts were scrupulously cataloged and categorized so that they’d be ready if the need for them ever arose. In the modern age, though, all of those recordkeeping procedures have become digitized, creating a far more efficient system. Unfortunately, digitization also exposes businesses to new types of risk, as the recordkeeping and transaction systems themselves are now vulnerable to attack from outsiders.
The statistics are stark. According to recent research, 80% of information security professionals expect that their organization will suffer a cyberattack within this year alone. Additionally, a full 50% of those same professionals have noted an increase in the volume of cyberattacks compared to last year. That means it is less a matter of if a given business will be attacked than when. To prepare for the eventuality of a cyberattack, it’s critical for businesses to establish procedures geared toward digital forensic readiness.
Meeting the Threat
When approaching the concept of cybersecurity, most organizations think primarily about defensive measures that are designed to mitigate attacks, provide for disaster recovery, and ensure business continuity. Those are laudable and necessary goals, reflective of the fact that the risk of attack is so high. They don’t, however, address what must occur after the attack beyond getting back to normal, and that’s where digital forensics comes into play.
For those asking themselves ‘what is digital forensics?’, the answer is simple. It’s the field of study related to the investigation of cybersecurity incidents, including identifying the attack vector, the potential reach of the attackers, and even the attackers themselves. In short, it’s how a company can find out exactly what was done to its digital systems, how severe the damage is, and who conducted the attack. Answering those questions is a necessity to shape recovery efforts and future defensive measures.
The Keys to Digital Forensic Readiness
The reason that specific measures must be in place to assure digital forensic readiness is that many of the common mitigation tactics and disaster recovery techniques in use today can actually destroy the information needed to conduct a thorough investigation of a cybersecurity incident. To prevent this from happening, an organization must:
• Identify all potential evidence sources and determine responsibility for each
• Train employees in incident response, including preserving data as soon as a problem is identified
• Establish digital retention policies that include any and all digital communications (email, social media, inter-office communications)
• Establish a legally sound chain of custody policy
• Conduct frequent audits to make sure that forensic readiness policies are being followed
A World of Benefits
Making digital forensic readiness a part of official cybersecurity policy helps to lower overall costs in the event of an incident, reduces damage due to such incidents, and streamlines the overall response to cyberattacks. By having rock-solid evidence collection procedures, there’s also a far better chance that the perpetrator of an attack can be successfully prosecuted once identified. That in itself should be worth the effort, but there’s one other motivating factor: liability.
As more jurisdictions around the world start to codify penalties for businesses that fail to protect confidential user data, the ability to trace the precise nature of a cyberattack will become a critical part of any well-thought-out risk management strategy. Without it, businesses will be at risk of charges of negligence that could threaten their very existence. The good news is that it’s simple to avoid such a situation by adopting digital forensic readiness now, before an attacker strikes and it’s too late.
For more about cybersecurity and the expanding legal exposure for global businesses, read It’s Not “If,” But When: GDPR And Banking In America.