Forensics

The pandemic disrupted the way organizations operate, and responding to data security incidents was no exception. With the continued surge of ransomware matters and the impact of large supply chain matters, the capacity of the incident response industry was stretched thin. Organizations worked to quickly contain incidents (despite challenges in simply getting passwords changed and EDR tools deployed to remote workers). Organizations with international operations contended with cross-border and regional restrictions on personnel movement. Getting access to facilities to obtain forensic images was a challenge. Necessity drove creative solutions.

Average Forensic Investigation Costs


$0

All Incidents

$0

Network Intrusion Incidents

$0

20 Largest Network Intrusion Incidents


EDR tool use growing but not yet widespread

An EDR tool can help detect and contain the initial foothold established on a device through phishing, social engineering, or exploitation of a vulnerability. Multiple investigations in 2020 involved quick analysis of incidents identified by an EDR tool at a phase that was right before theft of data and deployment of ransomware.

An EDR tool can help detect and contain the initial foothold established on a device through phishing, social engineering, or exploitation of a vulnerability. Multiple investigations in 2020 involved quick analysis of incidents identified by an EDR tool at a phase that was right before theft of data and deployment of ransomware.


Network Intrusion Timeline

(median data)

Share this page