Using digital forensics after a data breach can save your organization $

The ID Experts Data Breach Examiner recently published an interesting article on the key benefits of performing a forensics investigation after a data breach. I found several of the cost-saving benefits surprising. I have highlighted a couple of the keys points below.

1. Outside forensics investigation preserves critical evidence of the data breach. A proper forensics investigation utilizes specific methods to protect the evidence of the attack so the organization can best defend itself against regulatory fines and litigation. After an incident is suspected, the natural reaction of the IT department is to quickly remove the offending malware and patch the security gap. According to Winston Krone at Kivu Consulting this knee-jerk reaction oftentimes makes it harder to determine what actually happened and may make the breach response more complicated.
2. Forensics analysis can save notification costs. A quick, accurate identification of the data compromised allows organizations to correctly notify the appropriate individuals the first time and avoid damaging public misstatements. Krone said oftentimes forensics investigations determine the scope of loss was smaller than originally suspected or that the incident was not a breach that required notification.
3. Regulators want details on the data breach incident. State and federal regulators are starting to require organizations provide fuller explanations of the breach incident, its causes and what the organization has done to prevent future losses. Forensics analysis provides organizations with third-party expert analysis and proof that the organization is taking the appropriate steps.

Krone recommends including forensics into your organization's incident response plan so everyone knows what to do should an incident occur.