Cybersecurity Investigations
29.09.2022
Back to blog listCybersecurity Investigations
Digital investigations
Business activity has long been supported and enabled by technology. Currently, we are witnessing the emergence of new business models that operate entirely in the digital space or would simply not exist without it.This development vector is leading to ever-increasing volumes of data that can be used to clarify facts in the case of fraudulent actions. However, at the same time, the amount of challenges for investigative work increases too, as the relevant information is spread among numerous data sources, structures and volumes. Despite these challenges, information, kept digitally is the core issue of any investigation of fraudulent acts. There are data sources which structure changes slow, for example ERP, or logistics databases. At the same time, new data sources, such as transaction data, messengers or cloud service providers are emerging. The analysis of such sources is a technical and legal challenge. However, such circumstances bring in opportunities for new investigative approaches, which may be implemented as well. New regulatory frameworks are evolving both at national and international level. They make companies face up with new challenges, but their aim is to make organizational structures more safe and resilient. For example, the question of data protection adequacy of data backups is becoming more and more complicated, however, it obviously doesn’t lose its relevance. Efficient implementation of data protection regulations’ requirements helps to ensure data protection and mitigate attributed risks. Therefore, it’s crucial for digital forensics experts to permanently improve and adapt their investigative methods and technology to keep pace with changes, taking place rapidly.
Make sure all engines of investigation are involved in well-organized performance.
Digitization and cybersecurity: double challenge for corporate management
Cyberattacks pose a substantial threat to companies of all types and sizes. The 2017 attack with the extortion Trojan NotPetya alone costed global shipping company MøllerMærsk nearly $300 million. In case a hacking attack is successful, companies face the threat of claims from customers, suppliers, cooperation partners, etc. based on contractual and legal bases for claims. Since cyber attacks usually also have data protection implications, there is also a risk of severe fines or at least a risk, connected with unexpected expenditures due to investigations, conducted by the authorities. What’s more, the trend of filling claims against executives in case of a data security incident occurrence has taken place recently.
Cybersecurity is not a delegable matter for the board of directors
For managers, this situation causes a double challenge. On the one hand, they must adopt their company or organization for the future by focusing on advancing technologies and digitization. If they fail to do so, they risk losing market share, sometimes even threaten the company's very existence, which, in turn, is also a serious risk to their own jobs. On the other hand, they must pay equal attention to the risks, which originate from digitization. Many managers are not aware of this double challenge and the ongoing dangers. Often, employees believe, that they can exculpate themselves from liability by referring to some issues, such as the lack of departmental responsibility. However, cybersecurity is not a delegable matter for the boss. The legal situation is clear: if a company is not adequately protected and a successful hacker attack occurs, top managers are liable. In addition to compliance with requirements, companies should rely on powerful and recognized cybersecurity tools
In order to deal with the mentioned earlier issue, a defensible information security management system is required. It is important to use commercially available, high-performance tools to counter the threat of cyberattacks. These tools are also the key tools for conduction of a cyber investigation, which are equally useful for organizations' staff members, executives and digital forensic experts. In addition to regular penetration tests (simulated hacker attacks), the company's own IT infrastructure should also be subject to constant monitoring by a vulnerability scanner. The most efficient scenario is when the implementation of complex approach is conducted. There are a few information security tools, which help to prevent an external intrusion, block the illicit data transfer, check the network for vulnerabilities. In terms of digital forensics, one of the most efficient tool may be a DLP system. First of all, it helps to control all data transmission channels and makes the recordings of suspicious activities. The most advanced tools also provide plenty of other functions, such as checking of passwords reliability, watermarks creation, detection of monitor photographing attempts. Thus, protective tools on the one hand, help to significantly reduce risk of information security risks occurrence, and on the other hand help to obtain detailed evidence base, which can help to mitigate the incident’s consequences and detect the culprit of the incident (which is important in order not to charge an innocent person).