Digital forensics key area of investment to combat ransomware
Ransomware has been identified as the most frequent threat in the cyber attack landscape, with only 13% of respondents able to avoid paying a ransom after an attack.
Magnet Forensics, a developer of digital investigation software, has announced the release of the IDC eBook, 2022 State of Enterprise DFIR.
The survey of 466 digital forensics and incident response (DFIR) decision makers and practitioners found that major improvements are needed across the board in digital forensic strategies.
The respondents are expecting significant investments to carry them out:
- About 1 in 3 respondents said major improvements or a complete overhaul were needed in four of six functions of DFIR: analysis of digital evidence, remote acquisition of target endpoints, cleaning and organising of information and documenting, summarising and reporting.
- More than 60% of respondents expect major investments to be made in five of the six functions of DFIR. Only remote acquisition of target endpoints (58%) fell below this bar.
- Fewer than 7% of respondents expect no new investments to be made in each function of DFIR over the next two years.
- Nearly half the respondents ranked cloud forensics as the area that requires the most significant additional resources in their organisations.
IDC research manager, privacy and legal technology Ryan O'Leary says, “The sophistication and persistence of threat actors are increasing every day and it's leading enterprises to realise they'll need to make a strong investment in digital forensics and incident response technology and talent to safeguard their assets.
"The survey shows digital forensics and incident response professionals are worried about the dangers posed by ransomware and malware over the next two years and that major investments will be needed to address their concerns.
The additional investments would come at a time when the volumes of data and cybersecurity threats are overwhelming organisations' existing digital forensics personnel, the researchers state.
The survey found that organisations with 500 to 999 employees are operating with an average of just two digital forensics professionals, while those with more than 10,000 have an average of under 15.
Nearly 50% said they're turning to third-parties for help due to the excessive volume of investigations they're handling. These professionals, the survey found, responded to major cybersecurity events that placed their organisations' most valuable assets at risk in the past year:
- Nearly 1 in 4 respondents identified ransomware as the most frequent event they investigated in the past year.
- Most ransomware attacks culminated in monetary damages. The most common ransom paid by the respondents (17%) was between US$100,001 and US$500,000.
- Ransoms above US$1 million may be rare, but 5% of respondents paid them.
- Only 13% of respondents who handled ransomware attacks avoided paying a ransom.
- The damages caused by ransomware attacks weighed on the respondents' outlook for the next two years. Going forward, they are three times more concerned by ransomware and malware than they are by any other threat.
Magnet Forensics chief executive officer Adam Belsher says, “The results of the survey are clear: digital forensics is going to play a central role in helping enterprises protect their most valuable digital assets over the next several years.
"Today's threat landscape calls for enterprises to be prepared to respond to their leaders being impersonated in business email compromise attacks, their intellectual property being encrypted and exfiltrated through ransomware and the persistent threat of insiders."
IDC conducted a web survey, commissioned by Magnet Forensics, of 466 digital forensics and incident response decision makers and practitioners between September 15 and October 15, 2021. The respondents all work at organisations with 500 or more employees, across a variety of industries.