Interviewing Employees After A Data Breach
With our growing reliance on technology and data across the economic landscape, the number of cybersecurity incidents per year has been growing steadily over the last 15 years. Data breaches alone have steadily increased, with the last five years being the most volatile and damaging. In 2020 alone, the number of reported data breaches that occurred across the United States came to a whopping 1,001 incidents, impacting more than 155 million individuals.
For Charlotte organizations with robust cybersecurity response plans in place, these incidents trigger a series of steps to be taken by the cybersecurity team responding to the incident. The second series of steps in the traditionally 5-6 step response process involves following up with employees to determine the specifics of the breach around what systems were breached, who was involved, and how the breach was detected, amongst other details. While other members of the team work to secure the physical systems and evidence, you should dedicate resources to following up with the employees involved.
Employees are a Critical Link in the Investigative Process
Investigating a data breach isn’t as glamorous or even as dramatic as what you might see on your favorite weekly television. Unless the hackers are extremely bad at what they do, breaches often go undetected for months at a time – IBM’s research shows it takes an average of 280 days for an organization to recognize that a breach has taken place and then take the follow-up steps necessary to contain it. By this point, investigators are already well behind and are playing a game of catch-up. Aside from data logs and digital forensics, investigators are often left with employee interviews as their primary source of information.
Employees Are the Primary Cause of Data Breaches
In the cybersecurity sector, there is an ever-increasing call for more effective and more frequent training for employees. That’s because most studies show that while breaches and other cyberattacks are a major concern of just about every industry segment, only half of businesses have deployed the necessary antivirus and antimalware software to protect their systems. Instead, they have relied more on employee reporting over systems designed to protect and notify. Further, due to a lack of proper training, it’s estimated that upwards of 75% of attacks were inadvertently caused by an employee’s accidental negligence or lack of knowledge.
Employee Interviews Can Provide Valuable Insight Into the Nature of a Breach
Even with the right tools, a cybersecurity forensics investigator can be challenged in finding the right path to discover the nature of a data breach. By talking to employees, investigators can unearth a number of issues that could have resulted in a successful cyberattack.
- An employee interview could reveal that the breach resulted from a phishing email, which is currently considered the top threat vector for internal data breaches.
- Interviews can reveal a lack of proper training or employee beliefs that conflict with corporate policy on proper data ownership. While accidental failure to uphold policy isn’t the same as willful noncompliance with data management standards, both can lead to costly breaches.
- Employee interviews aren’t just for staff. It’s just as crucial to include leadership and c-suite executives in the dialogue. Why go so high up the chain? Because according to the Egress Insider Data Breach Survey 2020, while 10% of staff-level employees willfully ignore data protection stan 78% of director-level staff have shared data against established data privacy policies during the period surveyed.
Barefoot PI’s Investigators Know the Right Questions to Ask
As specialists in interviewing witnesses and assisting in the forensic investigation following a breach incident, our team of professionals can provide an invaluable resource in assessing and investigating data breaches at your organization. Learn more about our services and how we can help improve your team’s incident response capabilities.