Digital forensic solutions can aid in-house investigations and processes and enable organizations to be more proactive in detecting and avoiding insider threats.
[quote font=”tahoma” font_size=”13″ font_style=”italic” color=”#262626″ bgcolor=”#f9f9f9″]
“When integrated with SIEM tools to create a Security Orchestration Automation Response, digital forensic solutions can provide a playbook for companies to take preventive measures before a breach occurs.”
Shashidhar Angadi,
Co-Founder & Chief Technology Officer,
Exterro
[/quote]
Insider threats from current and past employees have come to torment businesses on a big scale. In 2022, the issue has been accentuated phenomenally. Nearly four in every ten existing employees have been found to pose a threat to data theft and as much as 63% of employees leaving a company admitted to taking data from their respective workplaces. Thus, to deal with this precarious situation, a holistic investigation mechanism to identify and manage threats has become the crying need of the hour.
In a special interaction with SME Channels, Shashidhar Angadi, Co-Founder & Chief Technology Officer, Exterro, reveals his organization’s approach to leverage this highly promising technology, opportunities created by the Unified Legal GRC Software solutions, his forecasts for digital forensic solutions industry, the major factors responsible for the unhealthy surge in insider threats, how to curtail and prevent risks and his vision and plans for the industry. Edited excerpts…
As a Unified Legal GRC Software Provider, how do you think digital forensic solutions can help in-house investigations?
Over the last few years, insider threats from current and past employees have increased. In 2022, business leaders say that nearly four in ten existing employees pose a threat to data theft and 63% of employees exiting a company admitted to taking data from their respective workplaces. With insider threats on the rise, businesses need a holistic investigation mechanism to identify and manage threats.
Since legacy forensic technologies can be hard to scale, it can create data silos. Now that investigations span across departments and endpoints, collating and analyzing data can take up exorbitant amounts of time. Existing forensic tools and technologies can’t perpetually deliver the efficiency required to complete the investigative workload. Given these realities, businesses need integrated digital forensic solutions that foster collaboration without requiring unnecessary data movement, longer timeframes or higher costs.
There have been rising incidents of insider threats (both intentional and unintentional ones) in India. What are the factors responsible for this unhealthy surge?
One of the primary reasons for the increase in Insider threats is the lack of visibility into all endpoints in a remote or hybrid work model. New organizational policies like work from anywhere and bring your own device, cloud migration and evolving privacy regulations have made investigations more complex. More remote endpoints have created more security vulnerabilities and organizations have lesser control, and even lesser access to data and collaboration between teams for investigations. Besides, organizations in India have been slow in implementing policies, procedures, and training employees in carrying out investigations effectively using digital forensic solutions. With slow tech adoption, organizations face the challenge of not being able to identify and mitigate intentional and unintentional insider threats.
Additionally, insider threats can be of two types — unintentional and intentional. Most often, unintentional leaks occur due to phishing or social engineering attacks. When such attacks occur, threat actors access information across the board including that of contractors and third parties working for the business. It could also be that malicious code was deployed into the system of a remote employee, giving cybercriminals access to the corporate network.
Intentional attacks occur when employees willingly exfiltrate critical data or work product. This could be an employee exiting the company or a disgruntled one. It could also be employees who are incentivised to exfiltrate data like the ransomware group Lapsus$, which identifies malicious insiders to install malware before demanding a ransom. Given the highly distributed nature of corporate networks and inclusion of employee personal devices, the amount of data generated too has increased significantly. Gaining visibility into employee personal devices is again a challenge and since home networks are now a part of the corporate network, a compromise of any one device has the potential to compromise critical business information and intellectual property. These are some of the most pressing concerns associated with insider threats.
What are factors that impede internal investigations currently existing among organizations?
Across all industries, inhouse investigations are becoming more collaborative and are drawing in staff who are not legal professionals to conduct these investigations. For instance, various departments including HR, finance, compliance, and legal departments are increasingly playing a more active role in preserving data and analyzing it for investigations. Such cross-collaborations can make the investigation process complicated and time consuming. This is especially true when organizations have to collaborate not just internally but also with outside counsel, law firms or service providers for a probe.
With disparate sets of data scattered across various functionalities and departments, managing data silos is a challenging task. In addition, gathering data individually from remote endpoints can become extremely time consuming and expensive.
Why should organizations use digital forensics while trying to reduce risks brought on by insider threats?
Globally, insider threats have increased by 40% over the last 2-3 years and such an event costs companies an average of $13 million. Insider threats are clearly an expensive affair and if not monitored properly, may go unnoticed for weeks and sometimes months. Organizations need the capacity to react to insider threats immediately. This requires data to be collected from numerous endpoints across the network and remote locations. More often than not, it must be done without detection. Once this data is collated, it needs to be analyzed swiftly with actionable insights on how to remediate the situation.
This is where digital forensic solutions can aid in-house investigations and processes. They can enable organizations to become more proactive in detecting and avoiding insider threats. When integrated with SIEM tools to create a Security Orchestration Automation Response, digital forensic solutions can provide a playbook for companies to take preventive measures before a breach occurs. Data gathered from digital forensic solutions can aid SIEM tools trigger workflows automatically to reduce the risk of data breaches.
At a time when organizations are generating petabytes of data, they need more powerful and flexible digital forensic solutions that can handle big, diverse data loads and work faster than existing platforms. But it’s not only about more processing power. Digital forensic solutions must enable better indexing, higher scalability and agile collection and analysis capabilities.
How will Exterro’s solutions reduce risk brought on by outsourcing investigations?
For any investigation to unveil the truth, it requires unvarnished facts about the incident. This requires preserving, collecting, analyzing and reviewing data. When it is outsourced, such investigations can be an expensive and time-consuming process. This is because the process of identifying the right third-party vendor with expertise in digital forensics and relying on it being forensically sound creates more contingencies. Besides, the outsourcing company would need to get access to the company’s IT infrastructure and the devices that require data collection and analysis, opening up the attack surface further.
In addition, interviewing relevant people for the investigation and verifying the information they provide with the data, contextualizing and analyzing it becomes crucial and there can be no margin for error. In addition, the outsourcing companies will have to upload sensitive company data onto their own data centers to carry out the investigation. This poses a risk of data loss or theft too. Exterro’s solution can enable inhouse teams to get to the facts of the case faster, quicker in a cost-effective manner. The evidence generated is forensically sound and also avoids the risks of data movement and the use of non-defensible approaches of investigation that could render evidence inadmissible.
How affordable are Exterro’s Legal Governance and Risk and Compliance (GRC) solutions? Does cost help you to gain market share?
Exterro’s technology is built on a core platform which can be customized before deployment. The platform is flexible, and modules can be built to suit requirements as and when needed. Each of the modules has built-in integration capabilities, providing complete visibility into data management. Applications can be enabled as and when organizations need them without having to toggle between multiple apps. Exterro’s software has in-built connectors and integration capabilities ensuring existing investments within the organization are fully utilized and with no lost ROI. Exterro’s platform has a very flexible pricing model that is cost-effective for small, medium and large organizations. Flexible pricing models based on data usage helps organizations predict pricing on a need basis.
Exterro focuses on the overall ROI organizations can generate by getting to the facts of cases quicker and easier in a cost-effective manner. This is done by reducing the risk using ROT (Redundant, Obsolete and Trivial ) strategies in the unified platform to get rid of unwanted data.