Accidents and incidents happen every day. When they happen in technology, quite often the root problem may not be a technological issue but more of a procedural or personnel issue. The goal in analyzing the situation is to look past what may seem obvious and get to the bottom of the issue. Enter the Root Cause Analysis.
In a Root Cause Analysis the goal is to distinguish between factors that are root causes and factors that are causal factors. A root cause is a factor whose removal prevents the final outcome from occurring. A causal factor is one that has an effect on the outcome but is not the root cause. Let’s look at a technological issue. Let’s say a company was hacked by someone surreptitiously obtaining an employee’s credentials. So, how did the company get hacked?
- Credentials were obtained from employee
- Employee wasn’t skilled to spot the phishing attempt to get the credentials
- Employee hasn’t had training
- Company hasn’t provided training to employees
- Management hasn’t approved training
- Ownership hasn’t deemed cybersecurity an issue to be dealt with
In most scenarios, the person in charge of determining the true root cause of the hacking may have stopped at blaming an employee or just charged the company with providing the necessary training. As you can see from the above, however, the root cause is truly ownership not seeing cybersecurity as an issue the company needs to deal with.
Vestige has been called upon by our clients at times to assist with or perform root cause analysis. Our process starts with understanding what the problem or incident involved. During our initial fact finding we keep asking “why” to get to the root issue. At the beginning we endeavor to identify all the people who may have been involved in the incident so that we can interview every one of them and get their side of the story, gathering as many facts and factors as possible. Vestige leverages our technical skills as well as our investigative skills to uncover all aspects of the situation. We have found it crucial to explain to each interviewee and each stakeholder that they aren’t under investigation and that we aren’t looking to apply blame in a report.
An example of a matter Vestige was tasked with involved a client who experienced data loss. The client had a very sophisticated file server system involving replication of data between servers, employing Windows Volume Shadow Copies and backups. From the beginning, fingers were pointed between the different entities in charge of different aspects of managing the file servers. In the end, Vestige was able to produce a report that identified the root cause, which allowed the different entities to provide the support and systems necessary to prevent the issue from occurring in the future. While skeptical at first, each entity was pleased with the result of the report, both for its lack of finger pointing and for providing the ammunition each party needed to manage a mission-critical system.
Data loss, cybersecurity breaches, and the like can be extremely costly. Perform a Root Cause Analysis to quickly get to the root of high-impact, mission-critical problems before they cause irreparable damage. Stop the skyrocketing costs of continuous, unresolved technology problems. Have a Root Cause Analysis performed today.
by Greg Kelley, EnCE, DFCP,
Chief Technology Officer at Vestige Digital Investigations