Cybersecurity Awareness Month Serves as Reminder of Importance of Rapid Post-Breach Digital Investigations

Holli Hagene

Oct 21 2019

AccessData joins with our customers and business partners in recognizing the 16th annual “National Cybersecurity Awareness Month” as proclaimed by President Trump. Held every October, Cybersecurity Awareness Month is “a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online.”

This annual event is an excellent vehicle for raising awareness about the growing threats to businesses and government agencies posed by data breaches and other forms of cyber crime. The various educational initiatives surrounding Cybersecurity Awareness Month are co-led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA).

Of course, cybersecurity awareness is important worldwide. One recent report documented a staggering 195% increase in attacks on UK businesses in the first half of 2019 and the UK’s National Cyber Security Centre says that it is repelling an average of 10 cyber attacks weekly, most of which are being attempted by “hostile states.”

In fact, the European Union Agency for Cybersecurity launched its own “European Cyber Security Month” in 2012, with goals similar to those of the U.S. event: increasing awareness among businesses and consumers of the growing data security threats in the EU.

While the costs of data breaches are steep for private industry, an especially pernicious cybersecurity threat continues to pose major problems for the public sector: a ransomware epidemic has paralyzed municipalities at the city, county and state levels across the U.S.

“Ransomware is a textbook case of extortion and it’s happening more and more frequently to local governments,” reports Governing Magazine in October 2019. “This isn’t happening by mistake — attackers are actively targeting governments because they may not have the cybersecurity protections in place due to outdated solutions or budgetary restraints.”

Indeed, in the span of just one week in July 2019, the Georgia Department of Public Safety revealed that laptop computers in state police vehicles had been taken offline by ransomware, and Louisiana Gov. John Bel Edwards declared a statewide emergency after a malware attack on Louisiana school systems. Then in August, 22 towns and cities in Texas were hit with a simultaneous ransomware attack.

These bold attacks are becoming increasingly costly to government agencies. A 2019 study by Coveware found that the average ransomware payment from a government rose to $338,700, compared to $36,295 for private-sector victims.

Unfortunately, it takes bad actors just minutes to compromise an organization. And once they’re in, our research found that more than 30% of attackers can get data out within a matter of hours, minutes or even seconds, while 67% need days to exfiltrate your data. Timing is absolutely crucial and every hour that passes could make the difference between a successful lockdown and a major breach.

This is why it is crucial to activate a post-breach digital investigation and incident response plan immediately in order to minimize the damage caused by a breach. In fact, an extremely nimble and rapidly deployed incident response to a ransomware attack can even enable a government agency to lock down their data prior to activation of the attackers’ encryption keys, giving organizations a pre-attack point from which they can recover their data and avoid having to give in to ransom threats.

AccessData has been an industry leader in developing and delivering tools that assist government agencies with post-breach digital forensics investigations and incident response. Earlier this year, we introduced a new version of AD Enterprise, our software for managing internal forensic investigations and post-breach analysis, which includes first-to-market integration with cybersecurity platforms to automate the early stages of data collection.

AD Enterprise is a powerful tool for post-breach analysis, offering live data preview at the endpoint. It can be deployed in the cloud quickly and securely, which is an attractive option for many public sector clients that need a tool for post-breach analysis but lack the time and resources to spin up their own technology infrastructure when they’re in the chaos of a cyber incident. AD Enterprise can be up and running within a matter of hours.

We have extended this focus on innovation with post-breach software tools by creating the first API that helps to automate the crucial early stages of data collection and forensics captures immediately following a cyber incident. With the AccessData API, AD Enterprise can connect with the agency’s cybersecurity software platform of choice. If the cybersecurity software detects an attack, it triggers an alert via the API that is received by AD Enterprise, which initiates a collection job within moments at a designated endpoint or affected asset. This saves precious time in the initial stages of the incident response by preserving data related to the root cause of the breach.

National Cybersecurity Awareness Month is an important annual reminder of the risk posed by cyber crime so we can all take steps to protect ourselves, our businesses and our government agencies. Products such as AD Enterprise and the AccessData API provide organizations with important tools they can use to reduce the risk posed by ransomware attacks and speed up their post-breach incident response. Find more resources at
