Products & Solutions
It may seem relatively easy to answer when first asked the question, but can you confidently say that the environment you currently work in is forensic ready? Looking back at how technology has progressed over the past few years, it seems obvious to us now that IT, Security and Forensics professionals would inevitably cross career paths and have to coexist in the melting pot that is today’s corporate and technology landscape.
Policies are frantically being drafted and signed off to address the existence of mobile phones, wireless devices, smartphones, tablets and so much more that enter and leave thousands of offices across the country each day.
It seem as though the endless hours and millions of Rands spent on strategy meetings, ‘new generation’ solutions and policy reviews, in trying to prevent sensitive corporate data from leaving the environment, have not helped us prepare for the event of data actually leaving the environment.
Terms such as Big Data and BYOD have sparked so many debates, that we have actually lost sight of our data, and the ability to react, in a forensically sound manner, to incidents of fraud, theft, loss of data and more. Whether or not you currently have policies and systems in place that address how data enters and leaves your organisation, the question still remains and is currently more critical than ever. In the event that an unplanned or unwanted incident occurs, are you forensic ready?
For any business to successfully exist in today’s financially strapped economy, they have to send and receive data, and plenty of it. Firewalls, DLP solutions, SIEM and monitoring tools all have their place and function incredibly well, if configured correctly, but they alone, will not stop data from being sent and received. If they did, business would quite simply not be done.
So before causing an unnecessary stir, I am not saying that proper solutions and policies are not effective, but I am saying that all of these elements need to work far better as a unit, in order to effectively support, secure, discover and investigate corporate data, thereby enabling business, not hindering it. After all, it is surely only by embracing our shortfalls, that we can remedy them.
Through my experience, I have seen state of the art environments, supported by highly skilled staff members that do not know where to begin when responding to an incident that observes company policy, forensic best practice and legal requirements. I have also seen the complete opposite. The point is that not everyone is trained, experienced or quite frankly cut out to perform certain tasks. It is extremely unrealistic to expect every “IT guy” or department, for that matter, to understand Networking, Security and Forensics on top of what is already expected. The weight of that responsibility will in one way or another manifest itself in a manner that can only be detrimental to business. Disgruntled employees, financial gain, fame, or just plain old fashioned maliciousness, can be the straw that breaks the camel’s back.
If you are content in; not knowing why certain incidents occur, not having any recourse against that threaten business and your livelihood, not needing means of accountability, or not understanding your environment and data in its entirety, then you’ve probably read too far already. If however, the aforementioned is not acceptable to you or your business, then it’s time to take an honest hard look at where your strengths and weaknesses lie.
While your strengths may certainly be the skilled resources that make up your technical department, do you, or more importantly, do they understand the importance the role of forensics and the value in ushering in proactive forensic readiness, has in your environment? Do you measure your strengths and weaknesses equally?
It is almost a certainty that at some point, you will suffer a loss of data either unintentionally or maliciously. It may translate into financial losses, damaged reputation, loss of customer base or the competitive edge that you have worked tirelessly to protect. There may also be no loss at all. Are you willing though, to gamble with your business by not asking a few vital questions; Are you able to forensically monitor activities, data and potential evidence in near to real-time across your network?
Do you have investigative reach into all your corporate data? Do you have qualified forensic resources at your disposal? Can you gather evidence in a forensically sound and time efficient manner? Can you guarantee the integrity of any evidence gathered? Do you have the knowhow and validated tools to process evidence? I ask again; Are you Forensic Ready?
Exactech has accumulated years of experience and expert skills in the areas of Computer and Cyber Forensics, Fraud Risk Management and Information Security. In addition to that, Exactech is FASSET and SASDC accredited, and a certified training provider for the IIA, ACFE and SAICA. We have assisted clients in not only answering the vital questions asked in this article, but to implement proven methods, solutions and Forensic Readiness programs that address each one of those critical questions.
By : André Naudé
Senior Manager : Exactech (JHB)
Our primary mission is to help organizations improve their fraud resistance levels and thus become more profitable. Secondary to that is to make a positive contribution in business ethics at our clients and society in general. Read More