The importance of ramping up digital forensics and incident response tech investments

Magnet Forensics announced the release of an IDC survey which revealed that more than half of the respondents are expecting to make major investments in digital forensics and incident response (DFIR) technology over the next two years to address growing cybersecurity threats.

DFIR technology investments

“The results of the survey are clear: Digital forensics is going to play a central role in helping enterprises protect their most valuable digital assets over the next several years,” said Adam Belsher, CEO at Magnet Forensics.

“Today’s threat landscape calls for enterprises to be prepared to respond to their leaders being impersonated in business email compromise attacks, their intellectual property being encrypted and exfiltrated through ransomware and the persistent threat of insiders.”

Significant DFIR technology investments expected

The survey of 466 DFIR decision makers and practitioners found that major improvements are needed across the board in digital forensic strategies. The respondents are expecting significant investments to carry them out.

  • About 1 in 3 respondents said major improvements or a complete overhaul were needed in four of six functions of DFIR: analysis of digital evidence, remote acquisition of target endpoints, cleaning and organizing of information and documenting, summarizing and reporting.
  • More than 60% of respondents expect major investments to be made in five of the six functions of DFIR. Only remote acquisition of target endpoints (58%) fell below this bar.
  • Fewer than 7% of respondents expect no new investments to be made in each function of DFIR over the next two years.
  • Nearly half the respondents ranked cloud forensics as the area that requires the most significant additional resources in their organizations.

“The sophistication and persistence of threat actors are increasing every day and it’s leading enterprises to realize they’ll need to make a strong investment in digital forensics and incident response technology and talent to safeguard their assets,” said Ryan O’Leary, research manager, privacy and legal technology at IDC.

“The survey shows digital forensics and incident response professionals are worried about the dangers posed by ransomware and malware over the next two years and that major investments will be needed to address their concerns.”

Organizations turning to third-parties for help

The additional investments would come at a time when the volumes of data and cybersecurity threats are overwhelming organizations’ existing digital forensics personnel. The survey found that organizations with 500 to 999 employees are operating with an average of just two digital forensics professionals, while those with more than 10,000 have an average of under 15.

Nearly 50% said they’re turning to third-parties for help due to the excessive volume of investigations they’re handling. These professionals, the survey found, responded to major cybersecurity events that placed their organizations’ most valuable assets at risk in the past year.

  • Nearly 1 in 4 respondents identified ransomware as the most frequent event they investigated in the past year.
  • Most ransomware attacks culminated in monetary damages. The most common ransom paid by the respondents (17%) was between $100,001 and $500,000.
  • Ransoms above $1 million may be rare, but 5% of respondents paid them.
  • Only 13% of respondents who handled ransomware attacks avoided paying a ransom.
  • The damages caused by ransomware attacks weighed on the respondents’ outlook for the next two years. Going forward, they are three times more concerned by ransomware and malware than they are by any other threat.

Don't miss