Corporate forensics comes into play when there is a risk to the company’s reputation, a suspected case of fraud, a threat to IP or even a case of sexual harassment, to cite a few instances. It is driven by need. Besides IT, it encompasses Legal, HR, Audit, Compliance and other functions. It is a curious world, what with BYOD and data emanating in large volumes, in different forms and from different sources.
In very large organizations, there are usually two distinct teams: the Incident Response Team and the Forensics Team. If they are merged as part of the Cyber Security Team, there will always be a conflict of interest. Internal requirements within large companies are sometimes so pressing and voluminous that they in themselves prove to be a driver. There are 4 steps to corporate forensics: prevention, detection, containment and investigation. In India the state of forensic readiness is rather low, and forensics is often a knee-jerk reaction after an incident has taken place. It is interdisciplinary, and where the crime is severe there is a definite need to seek help from law enforcement. Care should be taken to avoid erasing evidence.
Commonly used devices are not built to address forensics-related issues. The skills required to address this are specialized, processes must be well defined and infrastructure must be made ready. Most companies would rather outsource this function than build in-house capabilities. Information security is an afterthought in most devices, but there are sufficient built-in artefacts which can aid in data collection, should the need arise. Operating systems are not designed to be forensic friendly, so certain specialized tools are required when data needs to be extracted.
Industries like Telecom and BFSI are at a higher level of preparedness, largely because it is government mandated. Increasingly, large IT firms are developing corporate forensics capabilities because of perceived internal threats. The percentage of cases that are reported is quite dismal: only about 5% or thereabouts. Much sensitization is required at the top-management level. Most carry the impression that it is something that happens to others. This flawed belief needs to be addressed. Once it strikes, the impact of cyber-crime can be disastrous. This builds a strong case for ROI and for why companies should invest in cyber forensics. The other aspect that must be considered is retention of data: how much, and for how long? Companies are known to invest heavily in procuring servers to meet this need.