Published on June 23rd, 2015 | by admin
Cybercrime Investigators: A Modern Take on the Private Sleuth
There’s always been a bit of an air of mystery around criminal investigations. So much literature and TV time is given to investigating crime that it seems a national obsession. As human beings become more and more digitized in what we do and how we communicate, cybercrime is following suit and is now a big part of the criminal underworld that we have to deal with in the day-to-day operation of a company.
Cyber-attacks are increasingly sophisticated and difficult to detect, especially those that use stealth and zero-day vulnerabilities to enter our systems. As the world of cyber espionage and crime becomes part of our working landscape, we see an increasing need to look to the special skills of cybercrime investigators. These specialists need to be part of our extended security team to take on the complex tasks of digital analysis and cyber-attack remediation.
What Does a Cybercrime Investigator Look Like?
“Down these mean streets a man must go who is not himself mean, who is neither tarnished nor afraid. The detective must be a complete man and a common man and yet an unusual man. He must be, to use a rather weathered phrase, a man of honor.”
Raymond Chandler. ‘The Simple Art of Murder’
Cybercrime investigation is not only a recognized career path, but a highly in-demand one. In fact, the FBI has Cybercrime Investigation as one of their five career paths, and many U.S. universities offer degree programs that specialize in the area of cybercrime investigations and digital forensics. Being taught the details and processes of computer forensics and the methodologies of cybercrime is a great way to start to build the skill set needed to become a cybercrime investigator, but it isn’t the only way to do it.
The software industry is unusual in that, being a new kid on the block in terms of disciplines, it has allowed individuals to build vast experience over years of working in the industry instead of going to university. Often these folks have come from traditional engineering or scientific fields and already have great analytical skills, which are the most important skills to have in cybercrime investigation.
A cybercrime investigator needs to be able to take information and data and understand the implications hidden within. But applying this knowledge needs to be done from a standpoint of deep understanding of computers and their infrastructure, in addition to the highly useful skill of understanding human behavior. The latter is especially true in this era of socially engineered cyber threats.
The areas most impacted by cybercrime are data loss and computer or critical infrastructure system damage. In terms of data loss, we’re talking about data of all kinds, including personal identifying information (PII), intellectual property and other proprietary information, financial details and identity credentials for login to internal and external systems. So, in addition to these skills, it is also useful to have at least an awareness of the legal aspects of collecting and handling data that may become part of an investigation and form evidence.
This unique combination of skills in analysis, computing and law means that the cybercrime investigator is a rare beast. According to the Bureau of Labor Statistics (BLS), the outlook for growth in jobs to 2022 for a cybercrime investigator is 37% – this is much higher than the average growth rate for other occupations. Coupled with this is the fact that more than 209,000 cybersecurity jobs are unfilled in the USA. This will make finding an experienced forensic cybercrime investigator highly competitive in the coming years, as that unique combination of skills, mentioned previously, will be very much in demand.
For organizations facing a shortage of investigator or analyst talent, having the tools to simplify complex, manual investigations isn’t just nice to have, but necessary.
Cybercrime Investigation in the Enterprise
Cybercrime investigators are now, and will continue to be in the coming years, an expensive and highly sought-after commodity. As cybercrime rates soar, companies in the United States are experiencing annual losses of hundreds of millions of dollars due to cybercrime, with losses standing at around $800 million in 2014.
Because cybercrime is now so ubiquitous, an enterprise has to treat cybercrime and its impact as part of its core operations, with CISOs and other board-level executives bringing the issue into the boardroom. Finding an individual or team to take on the task of managing and controlling cybercrime for an organization is an investigation process in itself.
There are consultancy companies that specialize in the area of computer forensic investigations. These consultants will work with you to build a strategic plan for monitoring, managing and potentially dealing with the damage of cybercrime. As well as offering monitoring capabilities, good consultants will also have emergency response teams that will come in and help you respond to a disaster; your disaster recovery plan, hopefully already built, will have this service as part of it.
You can also, of course, employ cybercrime investigation specialists to work at your premises. As mentioned above, these investigators and analysts possess a unique skill set that makes them difficult to find and competitive to employ. The widely accepted fact is that even with the best perimeter defenses, your company will be breached if it hasn’t been already. This means that having the right personnel – coupled with rapid remediation tools or solutions – is critical to the ongoing functionality of your business. This crunch isn’t just one that enterprises are facing; it’s affecting the public sector as well, which is why many government-led initiatives are being developed to share data.
The FBI’s service known as InfraGard is one such initiative worth considering. This is a nationwide program with 85 chapters and 35,000 member companies, which allows organizations to work collaboratively with the FBI to share cybercrime data and help secure organizations’ computer networks and other facilities.
Whichever method you choose to protect your infrastructure and data from cybercriminals, you should back it up with the correct forensic tools. The incoming attacks are becoming highly sophisticated, as evidenced by the recent Duqu 2.0 breach, which used stealth methods to hide itself and evade early detection. Having the right tools in place to give your investigators, no matter how many you have employed, the intelligence to perform their job is essential to a successful outcome in any digital forensic analysis.
Cyber-attacks can generate a lot of complex information that is difficult to discern, and time is of the essence in these attacks. The ultimate outcome of a cybercrime investigation is to have the ability to implement changes to prevent the crime from happening again, or to at least minimize the impact of the same or similar crimes. Making sure you have the right tools to help your security team quickly locate and contain a threat is the best way to ensure a cyberattack’s impact is prevented or at least minimized.