There is no doubt that successful cyber attacks can have substantial legal repercussions on victimized organizations, and that fact alone gives legal counsel, whether in-house or sourced from outside, an important seat at the table when cyber security lands in the spotlight of litigation. But, “Having a seat at the cyber security table and being at the head of the table are two very different things in our dangerous digital world,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics, responding to a recent industry article in Corporate Counsel.
The stakes in the cyber security game have never been higher. Cyber attacks can devastate successfully targeted organizations on many fronts, from cash losses and liability concerns, to losing the trust of clients, vendors and investors, and of course, the publics’ perception of an organization’s integrity, all of which can translate directly to substantial bottom line losses, or worse. But in a legal industry article earlier this month in Corporate Counsel, the thought of legal counsel taking the lead as first-line defenders in the cyber security arena raised some alarm bells for Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security, computer forensics and electronic discovery (eDiscovery) solutions.
Don’t fight fire with gasoline.
“Cyber attacks are often a lot like fires. It only takes one ember, like a phishing email, to start an industrial fire that will leave a swath of destruction behind. But as soon as a big fire breaks out, the professional first line defenders are activated. Firefighters head to the blaze itself, law enforcement sets up perimeters and tries to protect the public, and doctors and other emergency medical personnel set plans in motion to deal with potential casualties. Now, even though doctors may very well have a crucial role to play in the aftermath of an industrial fire, they’re not the ones you send out to the front lines to actually do the firefighting. That’s just not their skillset. That’s what came to mind while reading the article in Corporate Counsel called, In-House Counsel as Cybersecurity First-Line Defenders. Counsel may be well intentioned, extremely knowledgeable in their profession and fully dedicated to the success of an organization, but you simply cannot serve two totally different masters when one of them is cyber security, unless they know the secret to adding twelve to sixteen hours to a regular day. I’ve been in this game for more than two decades, and I know it’s a full time job every single day to stay abreast of the latest threats, malicious payloads and successful mitigation techniques. And I also know that making the wrong moves at the onset of an emergency cyber incident can be like fighting a fire with gasoline; things can just explode out of control. And that means a more costly event on many fronts, from today’s bottom line, to tomorrow’s bottom line.”
So who should do what?
“On this point, I’m in total agreement with the author of the article, keeping legal professionals trained and informed on the perils and likely consequences of successful cyber attacks before an event is essential, they should be to have any hope of being effective in today’s digital world. And chances are they are going to have their hands full in short order, because a successful cyber attack can certainly bring a firestorm of legal headaches, everything from regulatory compliance and other liability issues, to investigation, prosecution, and notification nightmares. But when it comes to responding to a cyber event and all the nuances and the nitty-gritty work of successfully handling the seemingly endless array of cyber threats out there, all with their own unique charms and poisons, that work should be handled by the front line firefighters that live and breathe fighting fires.”
Effective cyber security is a complex and multi-faceted discipline.
“There are many components to responding to a cyber emergency, and yes, the legal arm has an important role to play. And at Global Digital Forensics, the story of our evolution as a company through the years puts us in a fairly unique position to help the legal side of the house immensely, from the first whiff of smoke, to what happens after the flames are put out. At GDF, our foundation was built in the computer forensics industry when the Internet was just a baby, and analyzing data was our core focus. Then that progressed to the next logical step, electronic discovery, because it didn’t take long for the legal arena to realize the power of all the digital evidence that springs from a professional computer forensics engagement. That put us smack-dab in the middle of the tug-of-war of many litigations. So we know what the legal side needs, and we know how to help them maximize the benefits and leverage the full power of digital evidence. And since many of our computer forensics engagements seemed to stem from cyber security concerns and cyber attacks, we dove right into the deep end of cyber security years ago as well, and never stopped swimming. This breadth of experience lets us seamlessly transition between these disciplines and also gives us unrivaled experience in how to make the lives of internal or external counsel not only mush easier, but much more effective. We know the ins and outs of chain of custody, data preservation and destruction, litigation holds and data mapping which can become the crux of any litigation. We can also help any client devise effective cyber security plans from the ground up, from reviewing and fortifying policies and procedures and performing regular cyber threat assessments and comprehensive penetration testing, to developing proven cyber emergency escalation matrixes and 24/7 cyber incident emergency response contingencies with our network of veteran emergency responders strategically positioned across the country and the globe, giving us response times unrivalled in the industry. And we can help devise and/or strengthen training and awareness programs for everyone from end users, to managers, and yes, even counsel.”
Putting the right professionals on the front lines of the cyber battlefield is crucial to not only survive, but to thrive in this digital world. So make sure the right tasks are in the right hands. Call GDF and speak with a cyber security specialist today and protect that ever-so-important bottom line.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber-incident has occurred, so don’t hesitate to get help. For more information, visit http://www.evestigate.com.