What would you do if a message popped up on your computer that said, "Unless you pay $10,000 you'll never see your data again"? Should your internal IT staff attempt to fix the issue? If not, who should your company turn to for help?
David: So what would you do if you went into work on a Monday morning and you go to type in your username and password and instead of getting that regular screen you got a message that unless you pay me 10,000 dollars you’re never seeing your data again?
David: Can you tell me what is Forensic IT and how does that come into play after you have a network security incident?
Ken: Well the question that is posed earlier—“What happened?” “Who did it happen to?” “How do we stop this from happening?”—all of those questions contain this question of how do we rebuild the data. With a Forensic IT Specialist, you’re getting a team that is designed and specialized in containing a situation like this, fixing the issues, and getting your business up and running again.
David: So it really seems like a Forensic IT Specialist is a lot like a “guns for hire” that knows exactly how to attack a ransomware incident or a data breach and they know exactly how to get your business back up and running to the extent that it should be. If we are dealing with a ransomware attack, why shouldn’t a company use their own internal IT to figure it out and try to make it better?
Ken: Well, your own IT staff is going to be limited in knowledge and experience for the most part and a Forensic IT Specialist is an actual true response team, this type of incident is exactly what they do day in and day out—that’s the sort of response you want. If you look at the Ponemon Institute, they released a report in July 2018 that stated businesses who contained a data breach within 30 days suffered a million dollars less in damages than those who didn’t contain it longer than 30 days.
David: So having these folks come in can have a dramatic impact to the total cost it takes you to resolve a particular incident.
David: From what I’m hearing there might be some kind of legal ramifications to something like a ransomware attack or a network security incident. If you have certain types of data, how would forensics IT help you collect that evidence?
Ken: It would let you know a timeline of events in which these things have happened. This timeline would tell you what information was lost, what was stolen, what format was it, was it encrypted, did you lose the decryption key, was it health information, etc. There’s state laws and there are regulations that pertain to the type of information of what was lost or stolen. There’s also time lengths in which you have to notify individuals, so the collection of data is one of the most important pieces of the forensics process.
David: Okay, so once that data gets collected, there’s a whole legal effort I’d imagine that follows in behind that to help you assess what legal obligations you might have. And that’s actually going to be our theme for next week’s episode! We’ll talk about the legal resources a cyber insurance policy is going to provide to you in the event that you deal with a cyber breach.
Ponemon Institute Cost of a Data Breach: https://securityintelligence.com/series/ponemon-institute-cost-of-a-data-breach-2018/