White Paper

Forensic Readiness for Effective Incident Management


The surge in cyber-attacks in the financial sector is leading to an increase in legal, regulatory, and privacy compliance issues. The lack of proper forensic readiness pushes up the cost of incident investigation and augments the legal and compliance issues. In this paper, we discuss the components of an effective forensic readiness program, the implementation strategy, and the costs involved, while highlighting potential benefits.

Cyber-attacks: A growing area of concern
The recent cyber-attacks on banks, financial institutions, and payment processors demonstrate the increasing technical expertise of cybercriminals and their ability to cause significant damage while operating remotely. From mobile malware to banking Trojans, and point-of-sale (POS) and retail breaches, the threat landscape continues to evolve. At the same time, payment risks associated with retailers and payment processors are raising concerns.
POS breaches, such as the ones that struck Target Corporation and Neiman Marcus, illustrate the complexities involved in ensuring the security of financial transactions across multiple entities. Distributed Denial of Service (DDoS) attacks, spear phishing, mobile malware, ransomware, and insider threats continue to endanger banking and financial institutions.

Given the circumstances, an ideal approach is to focus on detecting, recovering, and mitigating cyber security risks across multiple channels. A poorly managed security incident can adversely impact an organization by increasing downtime, escalating the cost of investigation, and attracting legal liability and sanctions, besides resulting in negative publicity.

How Digital Forensic Readiness Can Come to the Rescue
Forensic science is the application of science and technology to resolve legal problems. Digital forensics is a branch of forensic science that deals with acquiring, authenticating, and analyzing digital evidence in a legally acceptable manner. It is commonly employed as a post-incident response to understand the 'what, why, who, where, and when' of a security incident, but can come in handy as a preemptive tool as well. Organizations can benefit hugely from collecting, authenticating, and preserving evidence before an incident occurs. The forensic readiness concept essentially implies collecting credible digital evidence and minimizing the investigation cost during an incident response. It also covers an organization's ability to use digital evidence to its maximum potential while reducing the cost of investigation.

A Cost versus Benefit Analysis of a Digital Forensic Readiness Program
Some typical costs related to the implementation of a digital forensic readiness program arise from:

  • Policy making: The organization's data collection and retention, cyber security, and incident response policies and procedures should be evaluated and updated accordingly. Assessing the incident response maturity of the organization is a prerequisite.
  • Execution: A seamless mechanism for collecting, storing, retrieving, and retaining digital evidence needs to be deployed. In addition, advanced analytics capabilities need to be built into the system.
  • Personnel training: Employees need to be trained on information security management, security awareness, incident response, and digital forensic capability.

Digital forensic readiness offers benefits across multiple business operations, such as:

  • Seamless collection of evidence: The program enables organizations to gather evidence in a legally acceptable manner, and without disrupting business processes. It also ensures that the collected evidence is relevant to the case, thus having a positive impact on the outcome of the investigation.
  • Risk mitigation: Accurate identification of the location of potential digital evidence helps organizations decrease the impact of cyber security incidents. Business downtime and investigation costs can be significantly reduced.
  • Legal and regulatory compliance: The program helps organizations ensure requisite legal compliance, thus building a positive image among customers, which in turn increases their confidence during contractual discussions. It also enables effective management of litigation issues and of situations in which a court orders the investigation data to be presented.

Banking and financial institutions no longer view cyber security as a financial burden or a compliance hurdle, but consider it a vital business enabler that enhances customer confidence and brings in more business. As a result, organizations' attitude to cyber security investments has changed. Organizations should extend this shift to forensic readiness programs as well, to better respond to security incidents and mitigate their impact. By integrating an effective digital forensic readiness framework with the information security and governance strategy, organizations can minimize the cost of collecting evidence in a forensically sound manner, besides reducing litigation and business downtime.