IT forensic services engaged “after the fact” are often a grudge purchase because they don’t come cheap and getting evidence to court is not a given. If the matter does go to court, there are those costs to consider.
Companies are better off taking a preventative approach to stop IT-related fraudulent activity from happening in the first place.
This is the opinion of Herman van Heerden, executive director at NEWORDER Industries, a local technology company that provides specialised enterprise risk management, IT security, virtualisation and storage solutions and services to companies in Africa.
“Companies that engage IT forensic services typically do so after they’ve been defrauded or there’s been a breach in confidentiality or a data leak, and they want to take action against whoever they suspect did it.
“IT forensics is a specialist field, requiring specialised skills and tools. An audit is extremely human resource-intensive and due diligence must be followed to the letter if the evidence, if any is found, is to be admissible in court. All of this translates into heavy costs.
“When companies are unable to take action against fraudsters after spending huge sums of money to gather evidence against them, it is money spent begrudgingly and it is money that cannot be recouped. For this and many other reasons, IT forensics should by no means be considered a remedy for fraud,” says Van Heerden.
He stresses that with the majority of fraud and data leakages originating from within companies, organisations today cannot be too trusting of their employees and should implement stringent measures to prevent internal fraud – and avoid the exorbitant costs of enlisting IT forensic services.
“There has been a shift in the modus operandi employed by fraud syndicates which have made it imperative for companies to tighten the reigns considerably when it comes to controlling their employees’ access to business information.
“Instead of paying a skilled hacker to break into company systems, syndicates are now employing social engineering tactics and targeting employees already on the inside with access to company systems.
"Sadly, it is cheaper for them to ‘buy’ the help of a disgruntled employee than it is to commission the services of a hacker, which means they can get access and defraud companies of millions at a fraction of the cost.
“Organisations should have measures in place to mitigate internal fraud, as well as mechanisms which can alert them immediately if breach happens to occur,” says Van Heerden.
Intrusion prevention and network information management systems deployed on the inside of a network are part of the solution. These technologies help to stop unauthorised access to company computers and servers which can result in confidential business information being stolen, leaked or landing in the wrong hands.
Other measures also need to be put in place to control the use of peripheral, plug in devices such as memory sticks, CD burners and printers, which could be used to extract data from company systems.
“Ultimately, companies need to have a holistic approach to protecting their systems and information. Network information management systems can simplify the identification of internal threats,” he says.
To ensure that systems and data are adequately secured from all fronts, Van Heerden says organisations must take a comprehensive and methodical look at the network and every endpoint from the perspective of a hacker on the outside and a malicious (or unwitting) employee on the inside.
“Because so many threats occur from within, we always recommend that companies seek a third party to conduct penetration testing, vulnerability scanning and enterprise risk audits.
"This ensures an objective view of the organisation’s IT security posture. Unfortunately in this day and age, it has become necessary for organisation’s to audit their IT department. This is obviously best done by third party specialists for an accurate, unbiased assessment,” he advises.
He concludes by saying that with strict and on-going enterprise risk management, companies can lessen their chances of landing in a situation where they have to enlist IT forensic services. “Prevention is always better than cure.”