Our Website Uses Cookies 

We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.

For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Forensic Firms: Understanding and Leveraging Their Expertise From the Start (Part One of Three)

February 22, 2017, The Cybersecurity Law Report

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to maintain.” He adds, “There’s the technical skills, but there’s also the understanding of the threats and the general modus operandi of threat actors. The forensic firm that does this work all the time is going to know what to look for and will have the ability to find what many organizations can’t.”

Commenting on forensic investigations, Surdu says a forensic firm would typically work on an intrusion, where there was data loss, or provide “litigation support,” where perhaps there was insider activity and the company was headed towards litigation. He notes, “Forensic investigations can require significantly different approaches depending on their size and scope. Different approaches and tools are required to successfully perform enterprise-wide analysis when a significant amount of activity has occurred on a very broad scale within a large environment.”

According to Surdu, “there are significant advantages to establishing a relationship with one or more forensic investigation firms in advance” of an incident. Not all companies establish the advance relationship, Surdu says, but “one of the big advantages of having one in place is that if something occurs, you can react very quickly to it.”


Share this article: