Tag: cybersecurity

Protect Yourself from Cyber-breaches: Digital Forensics and Incident Response | Blog

According to the Identity Theft Resource Center, a staggering 1,200+ breaches were reported in 2018. A breach can wreak havoc on a business, including – but not limited to – loss of revenue and reputational harm. And poor incident response can compound that damage, as demonstrated by breaches at Deloitte, Equifax, Uber, and Yahoo.

Some enterprises are recognizing the importance of being prepared and able to respond to attacks: 22 percent of respondents to a 2018 Everest Group survey rated “reduction in time/effort to detect, respond, and recover from breaches” as their top strategic priority in the next 12-24 months.

But given the dangers, 100 percent of enterprises need to think through and create an effective risk mitigation strategy. This is where Digital Forensics and Incident Response (DFIR) can be essential. Combining incident response with deep forensic analysis to collect and examine digital evidence on electronic devices, an effective DFIR strategy can help mitigate business risks in the early stages of an attack.

Twin Forces Driving DFIR adoption

Starting on the DFIR journey: an enterprise perspective

The first step in the journey is establishing forensic analysis and incident response teams responsible for reporting, incident handling, and monitoring when a breach is detected.

The incident response team should have specific training in areas such as file systems and operating system design, and have knowledge of possible network and host attack vectors.

After a breach is detected, the forensic analysts must work closely with the incident response team to address several issues, such as isolating affected systems and making containment decisions, based on existing device, access, and data security policies. Enterprises must also update their policies regularly to stay ahead of attackers.

Putting DFIR into action

An effective incident response plan should include the following components:

Enterprise action items following breach detection

A guided approach to creating a DFIR strategy

Enterprises without a cyber-attack incident response plan leave themselves open to potentially insurmountable losses. Despite the danger, they often face significant challenges in creating a plan. These challenges include:

  • Limited budget for plan development and forensic analysis
  • Lack of built-in approval systems to kick off incident response
  • Lack of support for cyber insurance policies
  • Lack of adequate skill sets to perform forensic analysis

Our guided approach to developing a DFIR strategy can help enterprises evaluate and onboard digital forensics as part of their overall cybersecurity strategy.

DFIR strategy for enterprises

Specialist DFIR offerings can help

As many enterprises aren’t equipped to improve their security posture and reduce incident response times on their own, specialist DFIR vendors – such as CrowdStrike, Cylance, and Mandiant – can assist with suites of holistic offerings. In contrast with managed security services (MSS) players, specialist DFIR vendors lead with localization as their core value proposition. Their product-centric service offerings, localization, and guided approach, which help enterprises build resilient businesses, are valuable resources for enterprises.

In fact, DFIR capabilities are becoming a deal clincher/breaker in large security transformation deals between enterprises and MSS providers. Enterprises need to carefully analyze the value proposition of their current/potential MSS partners serving as their DFIR vendor. The following checklist can help enterprises determine if their MSS providers can provide DFIR services.

Enterprises MSS Partner checklist for DFIR capabilities

Approaching DFIR in the digital world

Today’s business environment has dramatically changed the way enterprises need to address DFIR. Adoption of digital technologies such as cloud, IoT, mobility, software defined everything (SDX), etc., has made traditional forensics techniques obsolete. And issues such as evidence acquisition, validation, and cataloging are just the tip of the iceberg.

The following new approach can help enterprises effectively protect themselves against cyber attacks in the digital world.

The new approach to DFIR

Given what’s at stake, enterprises must understand that remaining in the dark about potential breaches can prove significantly more devastating than the time and resources required to build or onboard competent digital forensics capabilities. DFIR can be a challenge, but it’s worth it.

Please reach out to us at [email protected] and [email protected] if you are interested in exploring DFIR in further detail.

Why Shadow IT is the Next Looming Cybersecurity Threat | In the News

Shadow IT is an issue that just about every organization faces on some level, but when I speak to executives and IT leaders, it’s simply not a topic that comes up. When I do bring it up, it quickly becomes clear that the tech industry as a whole underestimates the size and scope of the issue. And that lack of awareness and understanding is posing an ever-increasing threat to data protection and cybersecurity.

Some executives I speak with haven’t even heard the term “shadow IT,” which refers to systems, software, or applications that individuals in an organization use on a regular basis without the knowledge of executive leadership or the IT department. And when I tell them that recent research by the Everest Group found that upwards of 50 percent of technology spend in organizations lurks in the shadows, I can see their jaws drop. This means that half their budgets are being spent on software that teams, groups, and business units are purchasing (and using) without the IT department’s knowledge.

Read more in TNW

The Equifax Data Theft: What if GDPR were in Force? | Sherpas in Blue Shirts

The high entropy data protection space has once again gained headlines after Equifax, the U.S.-based consumer credit reporting agency, revealed that a July 2017 theft compromised more than 143 million American, British, and Canadian consumers’ personal data. The data breach incident, one of the worst cyber-attacks in history, was conducted by hackers who exploited a vulnerability in the company’s U.S. website and stole information such as social security numbers, birth dates, addresses, and driver’s license numbers. (Equifax maintains and develops its database by purchasing data records from banks, credit unions, credit card companies, retailers, mortgage lenders, and public record providers.)

Much about the situation would have been considerably different had this breach happened after May 2018, at which time the General Data Protection Regulation (GDPR) – a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU) – goes into effect. Even though it is not headquartered in the EU region, Equifax would have come under the purview of GDPR, because it maintains and reports the data of British citizens. And the stringency of requirements and degree of implications would have been significantly higher for the credit rating agency.

GDPR and Equifax

Although not directly related to GDPR, another significant business impact is the sudden “retirement” of Equifax’s CEO less than three weeks after the breach was announced.

This massive cyber-attack is a wake-up call for the services industry. Starting today, operations and businesses must regard data protection regulations with the utmost importance. Non-compliance will not only harm firms financially, but also expose them to brand dilution and business continuity risks.

Some of the key imperatives for enterprises operating in the ever-so-stringent data protection space include:

  • Know and understand the data security laws under which your enterprise falls, especially those such as GDPR that have far reaching impacts
  • Redesign your business processes to incorporate privacy impact assessments to identify high risk processes
  • Implement necessary changes in the contracts with third parties to incorporate the stricter requirements of consent
  • Achieve process transformation to inculcate privacy by design; this includes risk exposure reduction by technological changes such as data minimization
  • Appoint a Data Protection Officer to align the business goals with data protection requirements
  • Make suitable changes in contracting and governance practices to ensure adequate emphasis on data protection

To learn more about the strategic impact of the EU GDPR on the global services industry, please read our recently released viewpoint on GDPR: “EU GDPR: Is There a Silver Lining to the Disruption.”
