Defining the Glaring Cybersecurity Skill Gaps

Ahmet Öztoprak, Senior Director of META at Binalyze, discusses how automated workflows and escalation processes can ensure seamless handovers, and support increased collaboration between DFIR analysts, enabling continuous investigation progress outside operating hours.

Just as a forensics team is called in to a physical crime scene, such as a bank robbery, to determine how illegal entry was made and how security was breached, the same applies when hackers breach the cybersecurity walls of major corporations and access important data.

With the intricacies of the digital world growing exponentially, the relevance of effective and timely Digital Forensics and Incident Response (DFIR) cannot be overstated. Organisations continue to suffer costly attacks; in fact, an IBM report found that 83% of enterprises in 2022 had multiple breaches, and the average cost per breach was a staggering $4.35m.

Earlier this year, in collaboration with the global market intelligence firm IDC, we published a compelling new report: “The State of Digital Forensics and Incident Response 2023.” One of the main findings of the report is that the average time to investigate an incident is approximately 26.1 days, and the time to resolve incidents is an additional 17.1 days.

That is upwards of a month in which hackers who have bypassed an organisation’s security measures have access to its data. The disastrous implications of this cannot be described. The exposure of valuable information puts stakeholders, customers, and employees at high risk, and the lag in response time is indicative of a major problem: the prevalence of a skill gap.

Our previously mentioned IDC report supports the presence of this chasm, with 81% of respondents identifying the skills gap as a major challenge. The glaring truth is made even more notable because some of the biggest corporations simply do not have the tools or resources to protect themselves. In the same survey, 60% of organisations face trouble during investigations of incidents, while half face uphill battles when collecting evidence from remote assets.

The skill gap can be seen in the challenges major organisations face in collating and studying digital evidence during investigations, which is understandable given the various entry points opened up by the jump to working from home.

The paradigm shift to remote work following the pandemic, while beneficial in its own way, did come with a slew of new potential cybersecurity issues by creating multiple pathways that can be breached. With the digital landscape continually expanding and becoming even more interconnected, the volume of data generated by enterprises across on-premises, cloud, and hybrid environments has become even more vulnerable.

Security teams must now deal with an increased number of alerts and threats due to vulnerabilities caused by remote work. At the same time, their own workflows need to adjust significantly, owing to the simple fact that physical access to assets is often no longer a feasible option.

There have, however, been strides made to bridge the skill gap, and the solutions straddle the fine line between automation and human manpower.

What does this mean?
Automation facilitates the streamlining of routine tasks, such as the consolidation of required solutions, and the elimination of human error altogether. The implementation of DFIR automation will lead to the proactive identification of and response to incidents, reducing the need for 24 x 7 monitoring.

Also increasingly prevalent is the role of intelligent analysis, which tackles the potentially daunting task of sifting through sheer volumes of data, identifying patterns and anomalies, and surfacing actionable insights for security teams that allow them to focus their attention on the most promising details.

That said, automation is not the be-all-end-all solution here. It does not eliminate the need for skilled manpower. Some tasks require human intuition, an understanding of context, and advanced decision-making skills that automated tools simply do not possess. Balance between automation and human intervention is key.

Upskilling, on the other hand, is a time-consuming, long-term approach. Training staff is a worthwhile investment; however, it is not an optimal approach, as the problems are happening now.

That’s when outsourcing becomes a clear pathway to helping companies with the skill gap.

In fact, 65% of companies mentioned that they would need to outsource the analysis of digital evidence, and 50% would need third parties to collect and curate the evidence. 48% of companies said they would need the support of third parties to conduct remote inspections.

The right solution for your organization
As we navigate through this talent shortage, it’s clear that the right platform can make a significant difference. By embracing the changes the shift towards remote work has brought and leveraging solutions that natively support remote workflows, automation, integration, and intelligent analysis, we can empower security teams to work more efficiently, respond to threats more quickly, and ultimately, protect our organizations more effectively.

The future of cybersecurity lies not just in hiring more professionals, but also in equipping the ones we have with the platforms they need to succeed, allowing you to get more done with the talent already present.