Sponsored: Applying DFIR to tackle cybercrime
Tackling cybercrime can be likened to Alice in Wonderland taking two steps forward and one step backward – both for the good guys and the bad. It’s a never-ending cycle of investigation and protection to keep companies and individuals safe from attack and avoid lining the already deep pockets of bad threat actors.
06 November 2023
It was a deep-rooted passion for forensics that kept Professor Danny Myburgh in the police force for 14 years – not the two years originally intended – before entering the broader underworld of fraud and corruption. In 2004 he formed Cyanre, The Digital Forensic Lab, the largest digital forensic organisation in Africa, with a strong global presence.
With an extensive client list of blue-chip organisations and government departments, Cyanre has become the go-to company for its suite of crime-combating methodologies encompassing forensic investigation, cybersecurity and the legalities of dealing with criminal breaches.
In 2010, he founded Lextrado to offer litigation support services, which include digital document review and eDiscovery platforms in cases that can be extremely complex and have to be very thoroughly and properly handled, especially in the global context. Cybercom came about in 2016, to focus on Incident Response, breach simulation and penetration testing. He remains managing director of all three companies, with a very active involvement in tackling the chaos that follows after security breaches and incidents.
“We assist victims during a cyber incident on a 24/7 basis,” says Myburgh. “Ours is a flexible business model and we slot in where needed, as extra hands with the larger entities with substantial security teams, and assist others on an end-to-end basis with all phases of a security breach management process, including handling ransom negotiations.
“Forensics and data security are both extremely sensitive fields and reports have to meet multiple global forensic and regulatory standards in order to be accepted in court. Not only do we advise entities on their environments, but we constantly reinforce the message that security is a continuous process to remain compliant with data and privacy laws and one that requires absolute attention to detail, even when a small part of a company’s database records have been stolen.
“It’s also vital that every entity is on top of the latest trends and technologies as forewarned is forearmed – and be very conscious of the levels of security applied to every employee. Threats can come from within, especially if the temptation is large enough. We’ve seen instances where trusted employees have been offered as much as triple their annual salary to assist threat actors to identify vulnerabilities.”
Myburgh also cautions that both IT departments and IT service providers are not isolated from the organisation, but are always under the spotlight to ensure that promises of protection are constant and not after-the-fact. It’s not uncommon for breaches to come via an IT service provider, he adds, whether or not intentional on the provider’s part.
“Above all, thoroughly research an IT service provider and be very definite about establishing upfront what will be charged in the event of a breach. If you have a ransomware attack, for example, don’t be held to ransom a second time by the IT service provider, asking for additional payment before carrying out the damage control. Also be mindful of the importance of a definite disaster recovery plan and a PR strategy to contain reputational damage,” he concludes.
We place digital evidence @ your fingertips www.cyanre.co.za