Forensic Firms: Understanding and Leveraging Their Expertise From the Start (Part One of Three)

Steve Surdu was interviewed by The Cybersecurity Law Report for a three-part series on the role of forensic firms during a cyber breach. Part one discusses how to understand and leverage the expertise of forensic firms from the start. According to Surdu, forensic consultants have specialized skills and knowledge “that are very difficult for most organizations to maintain.” He adds, “There’s the technical skills, but there’s also the understanding of the threats and the general modus operandi of threat actors. The forensic firm that does this work all the time is going to know what to look for and will have the ability to find what many organizations can’t.”

Commenting on forensic investigations, Surdu says a forensic firm would typically work on an intrusion, where there was data loss, or provide “litigation support,” where perhaps there was insider activity and the company was headed towards litigation. He notes, “Forensic investigations can require significantly different approaches depending on their size and scope. Different approaches and tools are required to successfully perform enterprise-wide analysis when a significant amount of activity has occurred on a very broad scale within a large environment.”

According to Surdu, “there are significant advantages to establishing a relationship with one or more forensic investigation firms in advance” of an incident. Not all companies establish the advance relationship, Surdu says, but “one of the big advantages of having one in place is that if something occurs, you can react very quickly to it.”