5 reasons to use forensics
With the prevalence of data breaches rising, the industry is slowly yet surely realizing they're no laughing matter. And with price tags circulating around the billions, more organizations are starting to take the steps necessary to protect themselves against a costly breach of sensitive information.
Yet, breaches remain common, and as best practices continue to develop around how to handle them, one tool is proving to be invaluable: forensics.
"Oftentimes, organizations want to understand what happened and how did it happen, and the chain of evidence and information has to be preserved," said Mahmood Sher-Jan, vice president of product management at ID Experts. "To bridge that gap, whether it was an outside attack or an internal issue, is to begin the process of analyzing information to see the overall scope of the damage. That causes it to get kicked-off with a forensic analysis."
Sher-Jan and Winston Krone, managing director at investigative and analysis services firm Kivu Consulting, highlight five reasons organization should use forensics if a breach occurs.
1. Essentially, it's required. States simply aren't accepting organizations' stories of what happened when it comes to a breach, said Krone, unless they have forensics to back it up. "I think it's fair to say, it sort of raises an eyebrow about those organizations that aren't using forensic analysis or simply trusting whatever a third party has told them about what happened," he said. Instead, regulators are increasingly requiring hospitals do their own "due diligence," said Krone, and look into the breach. "They can't trust a third-party vendor, which has all the reasons in the world to down play the significance of events," he said. "If you don't do forensics, you're opening yourself up to be destroyed in court. It's a given, and it's expected."
2. It can save you money. Many times, said both Krone and Sher-Jan, an organization overestimates the impact of a breach. ID Experts "brought us into cases, and we said it's a false alarm, there wasn't a breach," said Krone. "So spending money on forensics, or setting your system up so you can conclusively say the data wasn't accessed, can save you an enormous amount of money in terms of notifications, PR, etc." Sher-Jan added that, even if a breach did occur, forensics help tell the full scope of the incident. "If there actually was [a breach], the process can lead to a better understanding of what was accessed and what data elements were compromised," he said. "Then, you can segment the number of records that were compromised and treat them differently; they may fit into an inclusion, according to the law. So all the way around, there are financial benefits to using forensics."