Pub. 9 2014-2015 Issue 2
www.nebankers.org Extraordinary Service for Extraordinary Members.

The Role of Digital Forensics in Community Banking
Nick Podhradsky, Vice President of Sales, Secure Banking Solutions

When most people hear the term digital forensics, they think about the TV show CSI and how the forensics team is able to figure out who the bad guy is with very little information in a relatively short period of time. However, the reality is that the field of digital forensics couldn't be farther from the scripted TV series. Due to the recent rise in national and international cyber attacks that are directly impacting local community banks, such as the Target, eBay, Michaels, or Neiman Marcus breaches, coupled with the increase in corporate account takeover, it is more important now than at any time in history that banks have some sort of digital forensics capability or plan. If you do not have the capacity to conduct forensics, then make sure you have a forensic investigator on retainer. Here is why:

Issue #1 - The old adage of quarantining a malware infection, removing it, and then putting the system back into production is a thing of the past. Banks now have to answer whether or not customer data was compromised, whether the infection was localized to the specific system, and whether it moved laterally through the network. Banks have to show that the malware infection was removed, and you cannot answer this without computer forensic tools and techniques.

Issue #2 - Community banks seldom have a plan or program in place to address the digital forensics issue. When an incident occurs requiring digital forensics capability, banks are often in a frenzy and end up calling random companies to help, thus paying more for a service due to the urgency of the situation. At a minimum, community banks should start to implement a digital forensics response protocol for the following incidents: employee turnover, serious malware infections, and insider threat cases. This protocol should address who the bank is going to contact for help.

Issue #3 - Community banks lack proper training in the handling of digital evidence. Many of the forensics investigations that banks conduct are halted before they start because of improper imaging and handling of digital evidence. It is very important for the IT staff at your bank to be knowledgeable about the proper steps to forensically preserve, store, and transport digital evidence.

Banks should review and implement a digital forensics capability for the following incidents:

Insider Threats

Two common types of insider threats occur at community banks: intentional and unintentional. Intentional insider threats normally happen when an employee is actively trying to steal information from the bank. This can be done through unauthorized access to certain information or by stealing customer information. Unintentional insider threats are more common and also more difficult to identify, prevent, and investigate. A common example of an unintentional insider threat occurs when an unsuspecting employee clicks on a phishing email and installs malicious software on his or her computer.

Malware Infections

Malware infections are on the rise and show no signs of slowing down. As