By Shashidhar Angadi, Co-Founder and Chief Technology Officer, Exterro
Businesses in India have faced increased enforcement lately. Regulators are scrutinizing the acts and omissions of management more closely than ever, through a series of regulations that criminalize certain patterns of corporate behavior. More often than not, a whistleblower alert that triggers an investigation under a particular regulation has a domino effect, with other regulators also taking note of the problem.
For example, earlier in April, a whistleblower from a Mumbai-based asset management company alleged irregularities in the company’s management of fixed income securities systems. This development has placed the asset management company under intense regulatory scrutiny. The investigation revealed a breach of process, but not a deliberate attempt at corporate mismanagement. However, the asset management company’s alleged mismanagement has made major headlines. Such regulatory scrutiny can have significant financial and reputational implications for any business if not managed wisely.
The asset management company could have remedied the process gap with an effective internal investigation. The responsibility does not end there.
Another threat looms over businesses due to the data explosion: insider threats. Data, the holy grail of any business, is the coveted asset that threat actors seek. Whether it’s cybercriminals or malicious insiders, proprietary data is what they’re looking for.
Over the past two years, insider threats from current and former employees have increased in step with data theft. In 2022, business leaders say nearly four in ten existing employees pose a data theft threat, while 63% of employees leaving a company admitted to taking data from the workplace. With the increase in insider threats, businesses need a robust investigation mechanism more than ever to identify and manage threats.
Despite this pressing need, 52% of organizations in India say they do not have a dedicated investigation function within the organization, while half of them consider their existing investigation structure to be ineffective. Indeed, only a few organizations (33%) in India have in-house technical support to conduct end-to-end case investigation and review. Here’s another interesting statistic: while a large majority of organizations in India (87%) use or plan to use data analytics as part of their investigative work, only 19% currently use mature data analytics.
The writing is on the wall: Having the right digital forensics solution is necessary for effective internal investigations.
Smarter solutions to avoid data silos
Insider threats are increasing as organizations lack visibility across all endpoints in a remote or hybrid work model. New organizational policies such as work from anywhere and bring your own device, migration to the cloud, and the proliferation of privacy regulations have made investigations more complex. More remote endpoints mean more security vulnerabilities, given the explosion of data, devices, and regulations.
This means organizations have less control, even less access to data, and less collaboration. Teams can no longer be siloed, as the data that needs to be collected spans all teams and devices. In all sectors, investigations are becoming more collaborative and increasingly involve staff who are not legal professionals. At a time when HR, compliance, and legal departments are taking an increasingly active role in preserving and analyzing data for investigations, organizations need to foster collaboration. This need is particularly acute when external lawyers, law firms or service providers are involved in an investigation.
Because legacy forensic technologies can be difficult to scale, they can create data silos, where collecting, processing, and moving data between departments can take an exorbitant amount of time. Existing investigative tools and technologies cannot always provide the efficiency required to complete the investigative workload. Given these realities, businesses need integrated tools that enable and promote collaboration without requiring unnecessary data movement, longer lead times, or higher costs.
Organizations need more powerful and flexible forensic solutions that can handle large and diverse data loads and perform faster than existing platforms. But it’s not just about more processing power. The technology must allow for better indexing, greater scalability, and agile collection capabilities. More than anything, today’s solutions need to be smarter.
Harness the power of AI for internal investigations
Faster Incident Response: When a data breach occurs, security teams scramble to identify the cause of the breach. Currently, incident response is slow because organizations lack the ability to collect data from all endpoints across a wide range of operating systems. Additionally, in the event of a breach, it is essential to maximize the speed at which electronic evidence is retained, while minimizing the impact on business operations.
Companies need a digital forensic investigation management solution that can do two things seamlessly to initiate an investigation after a breach: perform off-network endpoint data collection and integrate through APIs with an enterprise cybersecurity platform of choice. A solution that leverages deep learning improves the organization’s security posture by integrating with automation and orchestration tools.
Data security: Data security has become one of the most pressing concerns as data breaches can damage a company’s reputation. With high profile breaches being reported, governments are implementing new privacy laws. Increasingly, C-level executives want reassurance from their cybersecurity teams that their data is secure and that the company is compliant with regulations.
One of the toughest questions leaders need to ask themselves is: how do we ensure our employees are protecting corporate data when accessing it from cellphones, smartwatches, or other newly emerging devices? With the right digital forensics solutions, businesses can ensure that customer data, financial data, intellectual property, personally identifiable information, and legal information are safe from breaches.
With a scalable solution that can be integrated with cybersecurity software, organizations can track malicious activity and identify insider threats quickly and transparently.
Better data collection and review: The ability to monitor threats and quickly remediate security vulnerabilities remotely at every endpoint is the need of the hour. More often than not, digital forensic solutions bring files back to the investigator to perform keyword searches. With more time spent manually reviewing data, investigations are getting longer and longer.
Businesses need a solution that enables triage by focusing on specific data using filters, search terms, or manual data selection, while sifting through it to extract the data needed for investigation.
The path to follow
Technology is the key to smarter investigations, but not all technologies enable agility and efficiency. For smarter investigations, businesses need digital forensics solutions that work, and identifying the right solutions requires five critical steps:
– Does the solution have the ability to take advantage of multi-core computers to achieve the full potential of hardware resources?
– Does the solution allow smart indexing and eliminate repetitive redundancies?
– Does the solution rely on a unified database ensuring that data does not have to move between disparate platforms and products?
– Does the solution ensure that the chain of custody is not interrupted?
– But more importantly, is the solution agile, scalable and secure?
Conventional approaches to internal investigations that don’t have a forensically secure back-end database don’t work because every time organizations move their data, they risk corruption or loss, not to mention additional cost. A connected database allows cross-functional teams to easily collaborate on investigations, accelerating resolution times. This ensures that investigations into malicious insiders proceed quickly.