When a company suffers a data breach, they have a short window of time to gather critical evidence to ensure an effective response. In too many cases, an organisation’s internal IT staff are forced to act as a first line of defense. Unfortunately, first responders who are not trained in data recovery and forensic analysis often do more harm than good, inadvertently damaging or mishandling critical data and evidence.
Kroll’s experts have unparalleled experience and training using the most up-to-date forensic software and protocols to collect and preserve data in the aftermath of a breach. We handle evidence using proven, forensically sound data recovery methods and processes that are supported by case law.
We tailor our forensic methods to match our clients’ technology – from servers to laptops and smartphones. Our experts also examine physical systems and work with relevant personnel to get real answers to client questions and determine scope and impact of a data breach.
The experts on our Cyber Risk team are Certified Information Privacy Professionals (CIPP) and highly trained in the most specialised data recovery tools and processes. Because we understand the relevant case law on reliability for digital tools, we employ industry standard processes – including chain of custody and documentation – to ensure forensic accuracy. We utilise state-of-the-art technology to perform forensic analysis and have the knowledge and experience to accurately interpret findings, turning data points into a clear timeline and story that can be presented in court.
With Kroll’s cyber experts, our clients know their first responders are thinking beyond the immediate crisis toward solutions that will enhance their organisation’s security posture. We work with their in-house counsel to ensure our forensic analysis and incident recovery efforts put them in the strongest possible position. Our team leaves every client better protected and more prepared to manage future incidents.
Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.
Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, data exposure from misconfigured network settings. What is the first step you should take?
Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.
Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.
Safely perform attacks on your production environment to test your security technology and processes.
by Andrew Rathbun, Eric Zimmerman
by David White
by George Glass
by Dave Truman