Digital forensics can pave the way for efficient in-house investigations

By Shashidhar Angadi, Co-founder & Chief Technology Officer, Exterro

Companies in India have faced heightened enforcement in recent times. Regulators are scrutinizing acts and omissions of management more closely than ever, across a range of regulations that criminalize certain patterns of corporate behavior. More often than not, a whistleblower alert that triggers an investigation under a particular regulation has a domino effect, with other regulators also taking notice of the issue.


For instance, earlier in April, a whistleblower at an asset management company based in Mumbai alleged irregularities in the company’s management of fixed income schemes. This development brought the asset management company under intense regulatory scrutiny. The investigation revealed a process violation but not a deliberate attempt at mismanagement on the company’s part. However, the asset management company’s alleged mismanagement made headlines across major news media. Such regulatory scrutiny can have far-reaching financial and reputational implications for any company, if not managed wisely.

The asset management company could have addressed the process discrepancy with an effective in-house investigation. The buck doesn’t stop there.

Another threat looms over businesses due to the explosion of data: insider threats. Data, the holy grail of any enterprise, is the coveted asset that threat actors go after. Be it cyber criminals or malicious insiders, proprietary data is what they look for.

Over the past couple of years, insider threats from current and past employees have increased in step with data theft. In 2022, business leaders say that nearly four in ten existing employees pose a data theft threat, while 63% of employees leaving a company admitted to taking data from the workplace. With insider threats on the rise, businesses need a robust investigation mechanism to identify and manage threats now more than ever.

Despite this pressing need, 52% of organizations in India say they do not have a dedicated investigation function within the organization, while half of them feel their existing investigation structure is ineffective. This is because only a few organizations (33%) in India have in-house technical support to conduct an end-to-end investigation and review of cases. Here’s another interesting stat: While a large majority of organizations in India (87%) either use or are considering using data analytics as part of their investigative work, only 19% are currently using data analytics that is mature.

The writing is on the wall: Having the right digital forensic solution is necessary for effective in-house investigations.

Smarter solutions to avoid data silos

Insider threats are increasing as organizations lack visibility into all endpoints in a remote or hybrid work model. New organizational policies like work from anywhere and bring your own device, along with migration to the cloud and proliferating privacy regulations, have made investigations more complex. More remote endpoints translate to more security vulnerabilities, considering the explosion of data, devices, and regulations.

This means that organizations have less control, even less access to data, and less collaboration. No longer can teams be siloed as the data that must be collected expands across teams and devices. Across all sectors, investigations are becoming more collaborative and are drawing in staff who are not legal professionals to conduct investigations. At a time when HR, compliance, and legal departments are increasingly playing a more active role in data preservation and analysis as part of investigations, organizations need to foster collaboration. This need is especially acute when outside counsel, law firms, or service providers are brought into an investigation.

Since legacy forensic technologies can be hard to scale, they can create data silos, where the movement of data between departments can take up exorbitant amounts of time to gather and process. Existing forensic tools and technologies can’t always deliver the efficiency required to complete the investigative workload. Given these realities, businesses need integrated tools that enable and foster collaboration without requiring unnecessary data movement, longer timeframes, or higher costs.

Organizations need more powerful and flexible forensic solutions that can handle big, diverse data loads and work faster than existing platforms. But it’s not just about more processing power. Technology must enable better indexing, higher scalability, and agile collection capabilities. More than anything, today’s solutions need to be smarter.

Harnessing the power of AI for in-house investigations
Faster incident response: When a data breach occurs, security teams scramble to identify what caused the breach. Currently, incident response is slow because organizations do not have the capacity to collect data from all endpoints across a broad range of operating systems. Besides, in case of a breach, it is critical to maximize the speed at which electronic evidence is preserved, all while minimizing the impact on business operations.

Businesses need a digital forensic investigation management solution that can do two things seamlessly to kick off a post-breach investigation: perform off-network endpoint data collection and seamless API integration with a company’s cybersecurity platform of choice. A solution that leverages deep learning enhances the security posture of the organization by integrating with automation and orchestration tools.

Data security: Data security has become one of the most pressing concerns given how data breaches have the potential to hamper a company’s reputation. With high-profile breaches being reported, governments are implementing new privacy laws. Increasingly, C-level executives want reassurance from their cybersecurity teams that their data is secure and the company is compliant with regulations.

One of the most challenging questions executives need to ask themselves is: How do we ensure our employees are protecting business data when accessing it from cell phones, smart watches, or other emerging devices? With the right digital forensic solutions, businesses can ensure customer data, financial data, intellectual property, personally identifiable information, and legal information are safe from breaches.

With a scalable solution that can be integrated with cybersecurity software, businesses can track malicious activity and identify insider threats quickly and seamlessly.

Better data collection and review: The ability to monitor threats and remediate security breaches remotely and quickly at every endpoint is the need of the hour. Most often, digital investigation solutions bring back files to the investigator to perform keyword searches. With more time spent on manually reviewing data, investigations become long-drawn-out.

Businesses need a solution that allows triaging by homing in on specific data using filters, search terms, or manual culling of data, while also reviewing it to pull out the necessary data for the investigation.

The way forward
Technology is the key to smarter investigations, but not all technologies enable agility and efficiency. For smarter investigations, businesses need digital forensic solutions that work, and identifying the right solutions requires five critical metrics:
– Does the solution have the capacity to leverage multi-core computers to realize the full potential of hardware resources?
– Does the solution enable smart indexing and eliminate repetitive redundancies?
– Is the solution built on a unified database ensuring data does not have to move between disparate platforms and products?
– Does the solution ensure the chain of custody is not disrupted?
– But more importantly, is the solution agile, scalable, and secure?

Conventional approaches to in-house investigations that lack a forensically secure back-end database don’t work because every time organizations move their data, they risk corruption or potential loss, not to mention the added cost. A connected database ensures cross-functional teams can easily collaborate on investigations, speeding up resolution times. This ensures investigations against malicious insiders occur quickly.
