Webinar: Best Practices To Secure Your Data And Protect Your Organization

Hello, my name is Mary Mack and I’m the executive director of ACEDS, the Association of Certified E-Discovery Specialists, and I want to welcome you to the ACEDS webinar channel, where we will be having another one of our wonderful educational webinars. This one is sponsored by our platinum affiliate partner and great friend Ricoh, and we will be covering some items of high interest. But before we do, just to note that the slides are downloadable in your console there, and then also down at the bottom is a Q&A tab. Love to have your questions, so if the question pertains to what we’re talking about in the moment I’ll raise it, otherwise we’ll save it to the end, but we are quite interested in what you are wondering about and what you’re thinking about.

This webinar is going to be on best practices to secure your data and protect your organization, again sponsored by our platinum affiliate partner Ricoh. We have with us Chris Dale, who runs the eDisclosure Information Project; he’s a writer, speaker and commentator, and he is a subject matter expert on the topics we will be discussing today. As well we have David Levine; he is the VP of information security and the CISO for Ricoh USA, he’s the chair of Ricoh’s security advisory council and he leads Ricoh’s global virtual security team.

Our agenda today is: the state of security today, cyber threats, reacting to a security crisis, compliance standards, best practices, and then a final round of Q&A. As I said earlier, your questions are very, very welcome. We’re thrilled to have you here to listen to this particular webinar and participate. So David, tell me about the state of security today and what you are seeing.

Sure Mary, appreciate the question, and happy to be on the webinar today with everybody. So, a great question, and the state of security today is certainly not what it used to be, right?

So when we think in terms of security events or breaches, you know, it wasn’t really that long ago that we really looked at breaches in the context of what was that big breach last year or, you know, the two big breaches that occurred that year, and, you know, a lot of press and a lot of discussion around breaches of that nature. And the reality is today, 2018 heading into 2019 here soon, is that breaches are truly a daily occurrence. It’s pretty staggering. If you get daily security feeds or you go and look at daily security reports, literally there are breaches occurring on a daily basis, and then sometimes, you know, we’re seeing reports of multiple breaches a day. And there’s some danger in that too, because one certainly doesn’t want to view such things, you know, complacently, but it definitely sets a different tone.

And behind those breaches are of course the adversary, which has also changed dramatically over the years. You know, back early in the day when people talked about a hacker or an adversary, they really tended to think of, you know, somebody in their basement hacking away, trying to break into something for fun, which is predominantly what used to occur a long time ago. But today what we’re dealing with predominantly, although the individual hacker still exists, don’t get me wrong, but what we predominantly deal with today in a lot of cases are very sophisticated adversaries, and in some cases, and in a lot of cases, nation-state adversaries. So whether we’re talking about China, Iran, North Korea, Russia, any of the big ones, you know, they’re highly skilled and they’re highly funded. And the other thing is, when we’re talking about an adversary like that, you know, that’s all they do, 7 by 24 by 365. And even folks and my team, and as a CISO, you know, we’ve got our daily jobs, and defending the network is part of what we do, but we’re up against folks that that is the only thing they do.

And so we’re also in a state these days where, quite honestly, even somebody who has no hacking experience can go out on the dark web and, for what is honestly a very small amount of money, can actually purchase complete hacking application suites that come with tech support and all the help you could want. So definitely a different world today.

So relative to that though, you know, sometimes we still have questions around, or get in discussions around, you know, mio breaches, is my company a breach, or really for the purpose of today’s discussion, you know, are law firms targets? And the reality is law firms are absolutely targets, and it doesn’t matter whether it’s a small practice or a very large, you know, international law firm.

The reality is the data that law firms handle, not only their internal data for their own employees and their own, you know, legal folks, but the customers that they’re providing services to, it’s really at the end of the day a treasure trove of data for an adversary. They can use that data in a variety of ways to gain outcomes, whether inside information on intellectual property, gaining information on pivotal cases or mergers and acquisitions; all of that is certainly fodder, good file for the adversary. So I would say, you know, as much as anything, and another thought here too is that, you know, it’s not always the itself that’s the direct purpose of being attacked. If the adversary thinks that the law firm can be manipulated or used as an access point to get to the client, they’ll do that as well. So, you know, it’s a multi-faceted situation today.

You know, the last point here on the slide is around what to do when you get concerned about security, and there’s a lot of different things. I think, as this discussion rolls on today, we’ll discuss a few things that make sense here, but certainly engaging qualified third parties to assist with looking at your security program or implementing a security program is certainly where you would want to get started with that.

Excellent. And Chris Dale, tell us what trends are you seeing now?

Before I do that, I’ll just pick up something that happened about, so came to my attention right now before we started this afternoon, which reinforces what David just said. Foley & Lardner were attacked very recently. Apparently it wasn’t somebody after their data, it seems, but a cryptojacker, or possibly a cryptojacker, seeking to actually use their processing power. So there’s more than one reason why one has to be on the alert.

Given that David’s here talking about the technical side, I thought I’d approach this slightly sideways and look at the interrelationship between security and various other things: the General Data Protection Regulation, privacy, information governance. They’re all related, and money spent on one of them has value for the others. Put at its briefest, if you keep less stuff you’re not only more likely to be compliant with GDPR and other regulations but less at risk in security terms. If you’re fit to comply with the GDPR then you stand a better chance of anticipating a breach or reacting to a breach. It’s not just the GDPR, of course. We’ve recently seen the settlement of a class action against Yahoo which cost them a lot of money. Later on we’ll talk about the Californian Consumer Privacy Act, which is a different aspect of the same thing, that interrelation between security and privacy. You might also be able to reduce other costs, discovery costs. You might be able to find stuff you actually need, which should be a plus.

The worst case, whether it’s a breach or whether it’s reacting another, that if you don’t know what you had, you don’t know what you’ve lost, you don’t know who should be notified and you don’t have a plan, then you have a much bigger problem than an organization that has addressed all these things.

The reaction when we talked about information governance four, five years ago, it was that no one could find an ROI for that. Why should we spend money on this nebulous concept of information governance, particularly when there was no product around that you could, that was designed to solve an identifiable problem? The rise of security issues as well as the rise of privacy have changed the map there. I think there are more reasons than one, just to repeat myself a bit, for spending money on finding out what data you’ve got, getting rid of the stuff you don’t need and so on, all of which makes you less at risk and less attractive indeed to any sort of intruder. There’s also changing perceptions.

We’re seeing that ROI question is addressed rather differently now. Cost is not just what you pay out but what you save, and what you save is not just money but other things as well. There’s a greater appreciation of personal privacy now, for various reasons. We’re all watching Facebook and Google and the rest, who are watching us rather more closely than we might like. Snowden and the NSA saga alerted Americans in particular, but the rest of the world as well, to the risk that we’re at simply by virtue of the amount of data that’s being kept on us. Quite apart from anything else, ethical considerations, which weren’t fashionable until recently, are becoming so. Ethics doesn’t pay the bills or offer returns to shareholders, but if you’re seen as a target, if you’re seen as a company that has not organized itself to face security risks, what if your customers leave? What if nobody wants to work for you? What if nobody wants to invest in you?