“Incidents can be stressful situations where mistakes happen because of the added stress, rehearsing them reduces the chances of error and helps identify issues with the plan in advance,” says Harsh Behl, Director of Forensic Product Management, Exterro, in an exclusive interview with ITSecurityWire.
ITSW Bureau: How can enterprises effectively counter challenges related to data volume, and its ever-growing complexity, in environments that are increasingly vulnerable to cyber-attacks?
Harsh Behl: Digital data has never been more spread out than it is right now, which creates vulnerabilities and leads to increases in digital misconduct and cybercrime. When it comes to an enterprise’s readiness to be able to detect, stop or respond to a cyber-attack, there are many things that should be taken into account. From knowing what data resides where in the organization, to protecting PII and sensitive intellectual property, an organization needs to rely on best-of-breed technologies to help them strengthen their security posture.
The most effective way to counter challenges to data volume and cyber-attacks is simply reducing the amount of data volume with a robust retention and destruction process in place. The less information an enterprise will have, the less impact of a cyber-attack. This starts with understanding all the information and where it lives – paper, tapes, cloud, etc. This would be part of a comprehensive data inventory schedule that includes retention. However, just creating a schedule without operationalizing it is the same as not having a retention schedule.
Documenting processes that include destruction of information, taking into account legal holds, is essential. Doing this manually will not be effective or scalable, so automating as much of this process as possible will be paramount to effectively counter the challenges of data volume and cyber-attacks.
It is also important that the IT security workforce (e.g., the human brain) is complemented by technology solutions that can adapt to the rising challenges of the market and perform at scale in demanding situations. This can keep organizations one step ahead of the threat or attack vectors. Whether they’re dealing with a cybersecurity attack, IP theft or internal investigation, organizations must understand the importance of response time and processes that should be followed to ensure good compliance with their legal governance risk and compliance of their organization.
ITSW Bureau: What steps can law enforcement agencies take to integrate all of their data sources to reduce potential backlogs during forensic investigations, without compromising their security?
Harsh Behl: With the increase in the global digital footprint, it’s become very evident that digital crime has increased as well. Because of growing electronic data sets, investigators are over-burdened with the amount of data they need to collect and investigate, resulting in a substantial backlog within law enforcement agencies.
In order to reduce this case backlog, agencies must invest in more powerful technology, and empower more people to utilize that technology. It is imperative to build a cohesive partnership between the examiners and the technology used, which can make forensic labs more productive with limited training. Labs need the latest and greatest technology to forensically triage, process, and prepare the data for review. It is also extremely important to provide digital forensic solutions that can understand the role humans play in the workflow, and automate their repetitive efforts, to bring speed and scale to the investigation.
Forensic integrity, reliability, defensibility and repeatability are the pillars of forensics that should never be forgotten because, at the end of the day, the work being done in digital forensics could ultimately result in the successful conviction of the criminal, or allow them to go free.
ITSW Bureau: How can enterprises easily determine which of their vendors pose data privacy risks? What steps can enterprises take to strengthen their incident and response management systems?
Harsh Behl: Enterprises need to first start off with understanding that their third-party vendors are, where they are located, what information they process, how they protect that information, and how and when they destroy that information. This would all be part of a comprehensive data inventory that includes third parties. Once they have this, they can then start to determine which vendors pose a privacy risk based on the information they handle and how they protect it. For those vendors that process information categorized as higher risk, privacy-centric assessments would be suggested.
Most if not all enterprises have a documented incident and response plan in place. Strengthening starts with ensuring secure communication, encrypted and secure collection of evidence and information, establishing a single source of where the information will live, having readily available audit logs of an incident and most importantly ensuring the process is rehearsed. An incident plan that has not had a tabletop or simulated response exercise is a weak response plan. Incidents can be stressful situations where mistakes happen because of the added stress, rehearsing them reduces the chances of error and helps identify issues with the plan in advance. The best way to address all of the issues mentioned including tabletop exercises is to look to automate the process as much as possible to make it as efficient and mistake-proof as possible.
Harsh Behl is responsible for overseeing the entire product lifecycle for the AccessData legacy, now Exterro Forensic products, including the FTK® suite of products. As the air traffic controller for product releases, Harsh talks to customers and prospects in the market about their needs and pain points and has developed an in-depth knowledge of what the market is looking for from their forensic tools. Prior to joining AccessData, now Exterro, Harsh was on the front line, working as an evidence analyst and forensic investigator, forensic consultant and a technical engineer. His hands-on experience and expertise provides a unique perspective that results in products that are easy-to-use, intuitive and practical.