Why you need a digital forensics team (and the skills to look for)
Prevention and detection aren't enough. To better defend against future intrusions, you need a strong digital forensics team that can analyze attacks.
In a world where enterprises are embracing the fact that breaches are not a matter of ‘if, but when,’ it is becoming increasingly important to develop internal and external resources to investigate and oversee the impact of attacks after they have happened.
Digital forensics is a relatively recent skills concentration—one that does not necessarily require the same talents, expertise or background as other cybersecurity positions. And while more enterprises are recognizing that they need such talent on the back-end, as it were, there are still holdouts that are entirely focused on detection and prevention, to their detriment.
“I think this is actually a misconception [that] organizations do not necessarily need to build out digital forensics teams in-house,” says Sean Mason, director of incident response for Cisco Security Services, adding that Cisco is building out its own forensic capability via its incident response services team. A key problem, Mason says, is “there is not enough talent to go around and, generally speaking, most organizations don’t have enough demand to require a full-time team on staff.”
Munish Walther-Puri, chief research officer at dark web monitoring company Terbium Labs, points out that digital forensics requires a combination of “investigation, intelligence, and innovation.”
Digital forensics teams are a complement to any IT team “because they figure out the who, when, where and why a bad actor came into the system,” says Avani Desai, president of audit and accounting firm Schellman & Co. “They help paint a picture of the incident and provide guidance on how to mitigate the risk of that happening again.” The forensics teams also take past data and processes and build upon them to make sure they have the tools to handle issues that are getting significantly tougher to solve, Desai adds.
Darien Kindlund, vice president of technology for Insight Engines, a provider of natural language search technology, points out that digital forensics is “an important pillar in any security operations team, in order to assess and understand tools, tactics, and procedures (TTPs) used by attackers to compromise a firm. That way, the firm can stop future breaches using these same TTPs by new attackers. A firm’s ability to understand how these attacks work is directly tied to how effective their digital forensics team is.”
Thinking differently for forensics
Digital forensics employees are often lumped in with cybersecurity personnel in general—but the skill set and expertise required are typically very different. Being part of the digital forensics team means working with a large subset of the organization, such as human resources, IT, legal, compliance and operations, according to Desai. “They need to have strong interpersonal skills, as tension is often high during an incident or breach response,” Desai says. “As with any highly analytical job, the forensics team must have high attention to detail, focus on a methodological approach and execution, and have a determined approach – no stone can go unturned.”
In addition, digital forensics team members need to “understand the ever-evolving environment of cybersecurity and how changes and new malware will affect the systems, which means they have to have a keen desire to learn and adapt to changes,” Desai says.
Digital forensics may not be as flashy as other cybersecurity positions—it is an “unconventional” IT security job, according to Desai. “But the skills of analytical thinking, attention to detail, solving puzzles are exciting and the earlier exposure the easier it will be to have a pipeline in the next ten years.”
About AVANI DESAI
Avani Desai is the President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine, she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more. Avani also sits on the board of Catalist, a not-for-profit that empowers women by supporting the creation, development and expansion of collective giving through informed grantmaking. In addition, she is co-chair of 100 Women Strong, a female-only venture philanthropic fund to solve problems related to women and children in the community.