Cyber crimes today account for close to half or 43% of overall crimes last year, according to the Cyber Security Agency in Singapore, At the same time, we face an estimated talent shortage of up to 3,400 cyber security professionals.
Starting early next year, the Singapore Institute of Technology (SIT) collaboration with NEC Asia Pacific and training partner, LAC have introduced a new Network Forensics Specialists course. Network forensics allow the search and tracking of both internal and external network attacks by focussing on inherent network vulnerabilities and communication protocols.
Assistant Professor Goh Wei Han, Infocomm Technology, SIT discusses the relevance of network forensics to cyber security and how it can help organisations combat rising cyber threats and breaches.
iTNews Asia: How has network forensics changed over time? What's driving the changes?
At its core, cyber attacks stem from the involvement of networks in one way or another. With rapid digitisation, these attacks have not only increased in sophistication but also techniques used, outcomes desired, and types of information targeted.
For example, ransomware attacks - previously thought to be benign, are fast becoming a pertinent threat to proliferate cyber attackers' agenda and pose a nefarious threat to organsations.
Data is now the “new gold” and a key for target for adversaries to steal or hold for ransom. The real-world impact from cyber attacks – for example Ukraine’s power grid attack and the Colonial Pipeline ransomware attack – requires organisations to step up their cyber defenses. One way they can better protect themselves is to improve their ability to determine potential threats within their networks and respond swiftly to quell its effects.
iTNews Asia: How can network forensics help companies in the private sector facing cyber security threats?
Cyber threats come in many forms, organisations need to be aware of the risks, the effects against their networks and what exactly has been done against their networks. Skilled network forensic practitioners can utilise their skill sets to uncover and examine the digital evidence that remains within the network post-attack, enabling them to narrow down on valuable pointers such as the nature of attack, the attack pathway within the network and the types of data being exfiltrated. With these crucial points in mind, they are able to plan and formulate mitigation plans, contingency and recovery responses to protect and prevent future attempts.
By looking for anomalous traffic patterns the abnormality could signify a potential breach or attack waiting to happen. Upon identifying an issue, we are able to analyse the data traversing through the network and identify malicious adversarial activities such as data exfiltration, malware and any others.
- Goh Wei Han, Assistant Professor, Infocomm Technology, SIT
iTNews Asia: What are the most common applications of network forensics in a criminal investigation? How effective are they today in detecting incidences of industrial espionage, information security breaches, identity or even financial fraud?
In a nutshell, we use network forensics to analyse traffic patterns within a network. Fundamentally, this involves using specialised techniques to monitor for network anomalies and intrusion. For example, by looking for anomalous traffic patterns the abnormality could signify a potential breach or attack waiting to happen. Upon identifying an issue, we are able to analyse the data traversing through the network and identify malicious adversarial activities such as data exfiltration, malware and any others.
The network has become an important source of evidence as sophisticated cyber threats in today’s digitally-first climate leave little to no trace of their nefarious activities on target computer systems.
iTNews Asia: How acute is the demand in the APAC region for investigators with deep knowledge of IT systems and understanding of the laws in cybercrime? How can these latest network forensics courses plug the knowledge gap?
The demand for network forensic practitioners will continue to rise as countries in the region increase their adoption of IT systems. Our Network Forensics Specialist course is geared towards practical hands-on activities, accompanied by field knowledge from NEC Asia Pacific and LAC , both who have accrued vast experience running Security Operation Centres. We can plug the knowledge gap by providing training to participants which they can adopt and utilise back in their workplace.