Regardless of the type of cybercrime or data exposure, Kroll has the human and technology resources to act quickly to identify threats, secure valuable data, and investigate a digital trail wherever it may lead. If an attack comes from the inside, we combine our digital forensic expertise with recognised investigative methods, including employee interviews and surveillance, to determine how anyone with access to sensitive information may have interacted with a client’s system.
In the case of an outside attack, such as malware, ransomware or business email compromise, our investigators collect and examine both digital and physical evidence to determine where, when and how an incident occurred and if the client’s systems are still vulnerable. Kroll can determine what data may have been compromised and if any digital evidence has been altered or erased. Our experts work with our client’s in-house teams to recover data and accurately recreate events to develop an effective recovery plan.
– Devon Ackerman, Managing Director, Head of Incident Response, North America
With the rising concerns of ransomware and intrusions that leverage data exfiltration, Kroll’s incident response teams have not only the experience to properly investigate the many aspects of risk to data, but also the technical understanding of how to properly contain the threat and eject active actors from compromised networks.
Kroll’s client – a global software company based in Europe – received an email from anonymous source claiming it had access to sensitive data, including personally identifiable information, confidential financial records, and IP source code for a subsidiary. The sender demanded a ransom of one million euros in bitcoin and gave the client two weeks to pay before the data would be leaked.
Kroll’s team of forensic investigators determined that someone inside the company was source of the infiltration. We identified the individual responsible and gathered essential information to assist with a prosecution.
For more details, read the full case study.
Members of Kroll’s cybercrime investigation team reflect our multidisciplinary approach to leadership and problem-solving. If a client faces litigation or regulatory action, our experts work closely with their in-house and outside counsel and other senior executives to explicate forensics data to help make their case. We can also assemble case files for referral to regulators or law enforcement and, if requested, serve as expert witnesses.
Below are a selection few of our services available to support incident response and cyber investigations:
Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, data exposure from misconfigured network settings. What is the first step you should take?
Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.
Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.
Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.
Safely perform attacks on your production environment to test your security technology and processes.
Manage cyber risk and data security governance with Kroll’s defensible cybersecurity strategy framework.
by Eric Zimmerman, Andrew Rathbun
by David White
by George Glass
by Dave Truman