Many organisations are hampered when it comes to investigating cyber attacks because they fail to consider the threat when they design and develop software systems, according to new research.
The new findings from Lero, the Irish Software Research Centre, follow last weekend's global WannaCry cyber-security attack that affected more than 200,000 systems in 150 countries.
The study found that while 64 per cent of organisations consider requirements for the detection of security incidents, less than a quarter (23 per cent) consider requirements regarding the collection of data for forensic investigations.
More than half of the surveyed individuals indicated that their organisation does not consider requirements for how data should be collected and secured before investigators can examine it after an attack.
"The recent global cyber attack has highlighted the growing demand for organisations across the public and private sectors to have the capacity to investigate such incidents," said Dr George Grispos of Lero.
“Our study suggests that current software development processes are inadequate in many organisations with regard to integrating forensics into the development process.
“The repercussions of these findings could mean that when cyber attacks and similar incidents occur, investigators could face challenges with not only eradicating the problem but also identifying and collecting information that can help catch the perpetrators or other malicious users.”
“Many organisations do not consider how they will investigate and eradicate security incidents and attacks during the development lifecycles of their applications.
“Further complicating matters, the study also highlights that any data which could be required to identify who is responsible for the incident may also be compromised before it is even used in an investigation.”
He added that, in many cases, organisations across the public and private sectors implement software applications and then decide how to protect them.
“The recent global cyber attacks emphasise the need to not only build in security protections but also forensics from the start of the development lifecycle,” he said.