This real-life example demonstrates the impact of, and possible solutions to, modern cyber-crime. This case study looks at the victim, the problem, the solution and the outcome.
- A company in the energy sector was the focus of a modern cyber-investigation.
- Victim of multiple compromises over a two-year period.
- Thirteen attackers (not affiliated with each other) from countries around the world.
- Investigating the stealthy and complex attacks of today.
- Due to the complex nature of attacks, they often go undetected for prolonged periods of time. In this case, we were investigating attacks that occurred on a production system over the two previous years.
- KPMG used its cyber-investigation service, which leverages database forensics, a new area of forensic science specifically designed to track activity within a database system.
- KPMG used this service to pinpoint the commands executed by the attackers, the records they accessed within the database and the information disclosed. Much of this activity occurred years earlier.
- This advanced investigation capability allowed KPMG to narrowly scope the breach, which reduced impact to the client. Traditional forensic investigations are not effective within the relational structures of databases and result in the scope of an intrusion being assessed as much bigger than it actually was. Because the recovery cost of a breach is directly linked to the type and number of records impacted, this can result in unnecessary impact to organizations that experience a breach.
- KPMG is a pioneer within database forensics and has literally written the book on it (ISBN: 0321544366). The service we have designed is unique and leverages proprietary tools to perform this complex area of forensic science.
- Scaled-down versions of KPMG tools have also been provided exclusively to law enforcement within Canada and the USA.