[July 2019] Cybersecurity – On the front line

By Andrew Smith, Director of Computer Forensics Services, Orion Investigations Co., Ltd


I am a digital forensic investigator with nearly 17 years of experience. For the past 7 years I have been based in Bangkok. My role does not just include conducting forensic investigations but also to provide forensic training to the local market and to raise awareness of cybersecurity in general. I would like to share with you some of my experiences in the field cybersecurity and provide some simple tips that may prevent your company from becoming another victim of cybercrime.

With the push for a digital economy, Thailand 4.0 has meant that the issue of cybersecurity has been pushed to the forefront.  Each year we continue to see a growth in demand for forensic awareness training and for forensic examinations. However, there is still a general lack of understanding about digital forensics and we continue to see companies making the same mistakes over and over again.

The most common types of investigations we deal with are the theft of company data by a rogue employee, Internal fraud by a trusted staff member in a managerial position and wire transfer fraud. Wire transfer fraud is where someone has somehow gained access to an email chain between the accounts department and a 3rd party vendor. The fraudster will create an email address that looks almost identical to the 3rd party vendor and send an email requesting that when the invoice is paid, “please pay the money into a different bank account”. The fraudster will often provide a mildly credible reason for why the money needs to be paid into a different bank account. Once the money has been transferred it is often impossible to recover. How the fraudster gains access to the email chain can be very difficult to identify so it is best to train your staff that handle payments, how to respond to such requests.

If your staff receives a request to make a payment into a different bank account, they should do the following:

  • Inform management of the request
  • Speak directly with the company making the request to confirm if the request is genuine or not
  • Train your staff that whenever they use a public WIFI that they do so using a virtual private network (VPN). This will keep their network traffic secure.

These simple tips could save your company from suffering a large financial loss.

In order to help prevent theft of company data consider the following points:

  • Review which staff actually need the ability to connect USB devices to their company computer and restrict those that don’t
  • Don’t allow staff to use their personal mobile phones for company business
  • Don’t allow staff to use their personal email accounts for company business

In addition to the above tips, review your internal processes to make sure there is oversight for staff at all levels. Consider providing training to all staff on the latest cybersecurity threats such as phishing emails and ransomware.

When something does go wrong, management will naturally turn to their IT staff to begin an investigation and collect potential evidence. However, consider the following points:

  • Usually the IT staff have not been trained in how to conduct a methodical investigation
  • They are often unaware of the need to maintain a complete chain of custody from the collection of data stage through to producing a report
  • Are unaware of all the potential sources of evidence
  • Lack the specialist tools required to conduct a forensic investigation
  • Lack experience in correctly interpreting the findings of the investigation
  • Lack experience in preparing evidence and professional reports for court
  • Inexperienced at presenting digital evidence at court as an expert witness

Companies often assume as long as the person conducting the investigation holds some type of IT qualification than this will be sufficient. Digital forensics is a highly specialized field and, as demonstrated by the points above, requires a forensic investigator with the appropriate qualifications and experience to conduct the forensic investigation.

Another important issue to consider is the experience of your legal team. Do they have experience of dealing with cyber-crime cases and do they have the technical understanding of digital evidence? Due to the potential complexity of cyber-crime cases the legal team will often have to work closely with the forensic investigator to ensure the best possible outcome in any legal proceedings.

Without doubt, the number of legal cases using electronic evidence will continue to grow. Also, as the number of forensic specialists in Thailand increases, we can expect to see electronic evidence that has not been handled correctly to be more robustly challenged in the court. If you are involved in legal proceedings where the other side is presenting digital evidence, you should consider hiring your own forensic expert to examine the validity of their evidence. In order to give yourself the best chance of success in any legal proceedings, make sure you use suitably trained forensic investigators and lawyers with the experience of dealing with electronic evidence.

 

Andrew

Andrew has 17 years’ experience in the field of digital forensics. Andrew was a UK police officer for 9 years of which the last 4 years was spent working within the police computer crime unit where he received extensive forensic training. His role included the acquisition of electronic data, analysis and the presentation of evidence in the UK courts as an expert witness.
Andrew also worked for over 5 years for a highly respected UK information security company where he became the manager of the computer forensics team. His role included overseeing investigations for both the public and private sector and the delivery of master degree training courses for a UK university.
Andrew has now been based in Bangkok for over 7 years and is the Director of Computer Forensics Services for a commercial investigation company called Orion Investigations. His role is to oversee all forensic investigations, business development, promote awareness of cyber security and present evidence as an expert witness. He has regularly appeared as a guest speaker for various business chambers and organizations. Andrew has developed a range of forensic training courses for the local Thai market. Andrew has also developed a number of free forensic tools which are now used in forensics labs all around the world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s