Saturday, 20 May 2017

Lero study highlights need to build in forensics to identify cause of cyber attacks

- Study launched on back of recent global cyber attack

New research from Lero, the Irish Software Research Centre, finds that many organisations are failing to consider the threat of cyber attacks when they design and develop software systems. The news follows on from the recent unprecedented global WannaCry cyber-security attack that affected more than 200,000 systems in 150 countries, including the UK’s NHS.

“The recent global cyber attack has highlighted the growing demand for organisations across the public and private sectors to have the capacity to investigate such incidents,” said Dr George Grispos of Lero, the Irish Software Research Centre, which is supported by Science Foundation Ireland. “Our study suggests that current software development processes are inadequate in many organisations with regard to integrating forensics into the development process.”

He added, “The repercussions of these findings could mean that when cyber attacks and similar incidents occur, investigators could face challenges with not only eradicating the problem but also identifying and collecting information that can help catch the perpetrators or other malicious users.”

The Lero study found that while 64% of the surveyed organisations considered requirements for the detection of security incidents, less than a quarter (23%) have considered requirements regarding the collection of data for forensic investigations.

More than half of the surveyed individuals indicated that their organisation does not consider requirements for how data should be collected and secured before investigators can examine it after an attack.

“Many organisations do not consider how they will investigate and eradicate security incidents and attacks during the development lifecycles of their applications,” commented Dr Grispos. “Further complicating matters, the study also highlights that any data which could be required to identify who is responsible for the incident, may also be compromised before it is even used in an investigation.”

He said that in many cases organisations across the public and private sectors implement software applications and then decide how to protect them. “The recent global cyber attacks emphasise the need to not only build-in security protections but also forensics from the start of the development lifecycle.”

The report “Are You Ready? Towards the Engineering of Forensic-Ready Systems” is available at