Analysis as the essential part of the incident response process in a post-pandemic era
The pandemic has forever changed our lives, and the global workforce.
Restrictions and “stay at home” lockdowns imposed by governments around the world forced many organisations to pivot—virtually overnight—to support an exclusively or predominantly remote workforce.
The result of the dramatic shift to remote working was that very few were prepared to support their employees with a secure environment for them to effectively do their jobs while at home.
Swissinfo.ch reported that in Switzerland the number of cyberattacks reported to the Swiss National Cyber Security Centre (NSCC) was three times higher than its average in April of 2020. This included incidents of phishing, fraudulent websites, and other forms of direct attacks on private sector organisations.
THE INTENSIFYING CYBERSECURITY THREAT LANDSCAPE
The increased cyberattacks on organisations can be attributed to a rapidly intensifying cyberthreat landscape. In an article published by Deloitte, Impact of COVID-19 on Cybersecurity, they suggest that some of the factors contributing to a more dangerous cyberthreat landscape include:
- Employees with less supervision and fewer technical controls may be tempted to commit fraud, IP theft, or other forms of malicious insider threat activities
- Data security measures in place were not—and still may not be—fit or robust enough to handle a sudden shift to remote work making corporate networks vulnerable
While both of these factors present real and serious potential harm to an organisation, with an effective Incident Response plan and tools in place, the risk that they pose can minimised.
Cynet provides a succinct definition of Incident Response:
Incident response (IR) is a set of policies and procedures that you can use to identify, contain, and eliminate cyberattacks. The goal of incident response is to enable an organization to quickly detect and halt attacks, minimizing damage and preventing future attacks of the same type.
An effective IR plan generally has four phases each of which are comprised of several activities and likewise their own set of tools.
Unfortunately in today’s cyberthreat landscape for many organisations it’s not a matter of if a cybersecurity incident, but rather when a cybersecurity incident will occur. Therefore regardless of how prepared an organisation may be, they will still need to the tools in place to—not only detect but also—analyse incidents.
As a result: arguably one of the most important phases of this lifecycle is the analysis phase of the process. In this phase specialised digital forensics tools, such as Magnet AXIOM Cyber, play a key role in discovering and validating the root cause or indicators of compromise of a security incident such as a malware attack or an insider threat attack like IP theft.
THE RISE OF THE HYBRID MODEL OF WORK
In the post-pandemic era, a hybrid model of work will emerge: one that combines some remote work with working from an office. McKinsey suggests that in the US, 22% of employees will be able to work remotely between three and five days a week. Now more than ever before, it’s imperative that organisations have the tools at their disposal to effectively and reliable collect data for the purposes of a digital forensics investigation from endpoints that are not connected to the corporate network.
And it’s not only computer endpoints that represent sources of data for investigations. Data that is crucial to providing a complete picture of an entire security incident, for example IP theft, resides on mobile devices as well as in the cloud.
In Magnet Forensics’ 2021 State of Corporate Digital Forensics in Cybersecurity Report, they found that the top four sources of data for their investigations were mobile devices, computers, remote endpoints, and cloud evidence.
To ensure the analysis phase of the IR process is successful and thorough, tools that can acquire from computers (including Mac, Windows, and Linux), mobile devices, and cloud sources must be employed.
Without the proper digital forensics tools, the Incident Response process breaks down and companies are left vulnerable and exposed to malicious attacks from bad actors both internally and externally. The results of the intensified cybersecurity threat landscape and lack the proper tools to combat it are not only monetary, they extend into customer trust, and brand reputation which can often be irreparable. While some organisations may have the ability to weather that storm, many do not and unable to recover at all.
To learn more about how you can arm your organisation with Magnet AXIOM Cyber, a digital forensics solution with the capability to collect and analyse data from computers—including remote endpoints not connected to the corporate network—mobile devices, and cloud sources, visit magnetaxiomcyber.com.
Dan Patefield
Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.
- Email:
- [email protected]
- Phone:
- 020 7331 2165
Jill Broom
Jill Broom
Jill is techUK’s Programme Manager for Cyber Security, working across the cyber eco-system to bring industry together with key stakeholders across the public and private sectors.
Prior to focusing in on techUK's cyber security work, Jill was also part of techUK's Central Government programme team, representing the supplier community of technology products and services to Whitehall departments.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
- Email:
- [email protected]
- Twitter:
- @honeybroom
- Website:
- www.techuk.org
- LinkedIn:
- https://www.linkedin.com/in/jill-broom-19aa824
Annie Collings
Annie Collings
Annie joined techUK as the Programme Manager for Cyber Security and Central Government in September 2023.
Prior to joining techUK, Annie worked as an Account Manager at PLMR Healthcomms, a specialist healthcare agency providing public affairs support to a wide range of medical technology clients. Annie also spent time as an Intern in an MPs constituency office and as an Intern at the Association of Independent Professionals and the Self-Employed.
Annie graduated from Nottingham Trent University, where she was an active member of the lacrosse society.
- Email:
- [email protected]
- Twitter:
- anniecollings24
- LinkedIn:
- https://www.linkedin.com/in/annie-collings-270150158/