I was reading an interesting article titled "Is 2018 the year cybercrime becomes mainstream" and was wondering how prepared IT/Security staffs are to handle and investigate a cybercrime against their company. What expertise and training do they have to conduct investigations, comply with chain of evidence, and adhere to a forensically sound process/methodology? What forensics technology have they deployed? Are their IT vendors/partners just that, IT? Where do they go to help them conduct investigations?
Certainly, law enforcement plays a role. But how prepared are companies to compile the facts to even determine if there was a crime before they call law enforcement? Is the threat internal or external? If internal, what risk reduction efforts did the company deploy to prevent an internal crime from being committed?
AI and machine learning will become more prevalent to mitigate this risk. A constant cyber awareness training framework is necessary and will certainly help. But when there is a hack/breach (and there will be), how prepared are you to combat this criminal act?