EXECUTIVE SUMMARY
FINDING #1: DIGITAL FORENSICS IS INCREASINGLY ABOUT INCIDENT RESPONSE
Root cause identification requires improvement
Data exfiltration / IP theft and business email compromise (BEC) scams are the most common incidents
Ransomware and data exfiltration / IP theft have the highest impact to the victim organization
Evolving cyberattack techniques are the biggest challenge facing corporate DFIR professionals
FINDING #2 AUTOMATION ISN’T A LUXURY — IT’S A NECESSITY
The soaring volume of investigations and data are real problems
DFIR personnel are feeling burnt out — and reinforcements aren’t coming any time soon
Organizations need to improve collection, processing, and analysis
FINDING #3: DFIR LEADERSHIP HAS NEVER BEEN MORE IMPORTANT
Improving the state of DFIR starts at the top
Organizations are potentially exposing themselves to regulatory risk
Third parties are valuable extensions of internal capabilities
CONCLUSION & RECOMMENDATIONS
SURVEY DEMOGRAPHICS & METHODOLOGY
CONTRIBUTORS
ABOUT MAGNET FORENSICS