Digital Forensics and Incident Response in Japan 2020
Japan’s focus on digitalisation is increasing right now, and with that comes an increased risk of cyber attacks – making it more important than ever to have the right cyber security framework in place. The country’s digital forensics and incident response (DFIR) plays a huge role in cybersecurity services by supporting the latest technology advancements. It offers a comprehensive solution for IT security professionals who seek to provide fully secure coverage of a corporation’s internal systems.
Given its growing coverage and interest within the cyber space, our Computer Futures team in Tokyo hosted a cyber meetup covering this topic - answering questions like ‘why is cyber security so important?’.
Gino Bautista, our Associate Sales Team Manager, hosted the meeting - and he welcomed Thomas Glucksmann from Asia Pacific Security as our new co-host. Our panel of experts, David Y. Suzuki from Blackpanda Japan and Joshua D. from Cybereason, took the time to share their insights on digital forensics and incident response in Japan and how this can impact IT recruitment solutions.
You may view the recording in full below. Or, if you’d like to read about some of the highlights, just keep scrolling.
What is DFIR?
David broke it down for us by using the analogy of a building on fire. In short, the managed service providers are the building management that oversees the entire building, the Incident Response (IR) team is the firefighting function, and the digital forensics (DF) team is the group of specialist investigators whose main aim is to find out how the fire started. In this case, the ‘fire’ would be the cyber-threat.
While most believe that DFIR is mainly an IT issue, that’s not quite true. It’s most frequently approached from a security perspective, given its similarity to a security response.
Leaving an attack running is like leaving the fire burning in the building - this is what most companies are guarding against.
Why is cyber security important?
Unsurprisingly, cyber attacks are currently more focused on the rapidly-growing remote workforce. As a result, companies are prioritising a review of their cyber strategies to manage and resolve current challenges.
Challenges that the workforce is facing during such times include:
- Physical access to work – as more people work remotely, most documents and systems need to be accessed digitally
- Rise of unknown assets on the network
- Lack of effective global IT governance
- Regional budget and control vs global strategy
- Language and time-zone barriers
Below are some examples of attacks and tactics that are growing within this space.
Trending attacks:
- VPN – attacks on known vulnerabilities in unpatched/non-upgraded VPNs
- Phishing emails that compromise networks
- Misconfigured firewalls
Trending tactics:
- Living Off the Land (LOTL) attacks – attacks using Python, PowerShell, Perl, batch, JScript, VBScript
- Red teaming/penetration testing tools like CobaltStrike
- Ransomware deployment, normally after enough of the victim network is compromised
- Data theft and IR engagement
DFIR and its role in Corporate Investigations
A corporate investigation is systematic research conducted to obtain information to address suspected violations. These violations include lack of adherence to compliance rules or a code of conduct, fraud, intellectual property theft, or a dispute.
David used a case study to share some key insights into the biggest loopholes that cyber attackers aim for. These include:
- No background checks or periodic checking
- No processes in place for external vendors on security and logistics
- Unauthorised data mechanisms on computers
- Open access to the internet
- Inadequate data retention policies
- Faulty procedures and lack of compliance
- Lack of security in tracking logistics
- Compromised customer accounts
All of the above point to massive cyber risks, which led to 10,000 fraudulent transactions and USD 8 million in losses.
What should companies be aware of moving forward?
Companies have to look at the scope of attacks that are growing in sophistication. This includes the number of impacted endpoints, malicious IP traffic that indicates compromised machines beyond sensor deployment, advanced malware and advanced TTPs.
Companies should also look at the issues in terms of operational impact, which involves how the attack might impact their very own customers externally.
Joshua shared that resources to engage in a regular clean-up of IT machines may be underestimated during a pandemic - sometimes companies approach cyber firms at the very last minute. Be sure to take a proactive approach towards securing your organisation’s infrastructure and equip your tech teams with the right skills so that they are ready to deal with such issues even when attacks start to advance in scale. Computer Futures is well-equipped to support your company’s goal to fulfil your needs, especially during times like this where hiring the right fit would save time, cost, and increase efficiency.
More frequently asked questions
- Do you see AI playing any role in DFIR, if not now, maybe in future?
The only way to work with data at a larger scale is to use AI. In digital forensics, if you need to present findings in compliance settings, you need to show how you reached your conclusion, and AI will help to structure this.
- How do we see DFIR capabilities improving in the mobile space?
Mobile presents an interesting problem as users don’t realise how much is actually controlled by the mobile provider. There is an issue with accessing everything on the mobile device, but there are improvements in pulling data from apps remotely for analysis.
Still interested in finding out more?
If you enjoyed the discussion and would like to join us in the next meet-up, be sure to note your interest via the form below, or follow us on our LinkedIn page for more updates from us. And if you want to find out how we can support your IT recruitment solutions, just click on the link below.