ILTACON Contemplation: Cybersecurity in Legal-Land
ILTACON 2018, this year’s conclave of legal technology aficionados, provided some fantastic insights into the state of cybersecurity among law firms. Below are the highlights that struck me after spending four days attending sessions and hobnobbing on the expo floor.
Cybersecurity Technology Options Causing Confusion
ILTACON attendees came from a huge range of backgrounds, from large firms with grizzled CISOs to small firms with one IT staff member who serves as a “jack of all trades and master of none.” An ongoing thread throughout the conference was confusion around cybersecurity technologies. Much of it came from attendees themselves, but some was sown by the occasional vendor with an interest in capitalizing on the perplexed. I regularly encountered confusion about the differences and tradeoffs between operating an in-house security information and event management (SIEM) system, using managed security service providers (MSSPs), leveraging managed endpoint detection and response (EDR), and employing a managed detection and response (MDR) solution. To discover the differences and what option might be best for your firm, see our papers comparing MDR and MSSPs and describing how EDR fits into the detection/response picture.
Compliance and Cybersecurity Insurance
Beyond maintaining an optimal security posture, law firms typically must meet their clients’ compliance mandates to win and keep their business. For bank or credit union clients, law firms need to consider FFIEC guidelines. Working on behalf of a securities or insurance firm operating in New York State? Welcome to the New York Department of Financial Services 23 NYCRR 500. Do you have a client with healthcare data? Hello HIPAA. I attended a session on the anatomy of a data breach where the law firm speaker highlighted how non-compliance with government mandates and guidelines might invalidate your cyberinsurance policy.
Limited Cybersecurity Skills and Resources
A constant refrain from attendees was that they’re stretched thin for cybersecurity skills and resources. Some had deployed a SIEM system internally, but most of those who had were now looking to get rid of it because of the time and energy required to deal with “false positive” alerts, which consume resources and lead to security burnout. The Arctic Wolf team at ILTACON understood their pain and explained how we alleviate it through our security operations center (SOC)-as-a-service. Gartner estimates that providing 24×7 monitoring in a SOC requires eight to 12 analysts, which is beyond the means of the vast majority of law firms. The AWN CyberSOC™ service provides a force multiplier for law firms to improve cybersecurity and meet compliance obligations.
DLA Piper and the Value of Strong Incident Response
The most riveting session I attended had Kevin Wixted, the CISO of the law firm DLA Piper, discuss how his firm recovered after a devastating NotPetya malware infection that brought the firm to its knees (Kevin pointed to the Cisco Talos blog writeup of NotPetya for good details on the malware). The audience perched on the edge of their seats to learn from one of their own who had experienced every CISO’s nightmare—a crippling malware infection. One-third of DLA Piper’s endpoints were “lit up” by NotPetya, and the malware effectively wiped systems clean. Kevin ran a strong, well-patched security shop with a solid security stack that included a managed detection and response vendor. Unfortunately, he had the bad luck to be one of the first NotPetya victims, back before the security industry had arrived at countermeasures. Among the lessons he learned is that you can never practice and update your incident response plan enough. Before the malware attack, Kevin had already ensured that DLA Piper held regular IR exercises involving the entire organization. His team responded admirably to the NotPetya challenge, even though Kevin had to pull the plug on datacenter connections to endpoints and the internet in an effort to control the damage and facilitate recovery.
Gartner recently predicted that the managed detection and response (aka SOC-as-a-service) space will grow 3X between now and 2020, and law firms are among those spearheading that growth. Download the Gartner Market Guide to Managed Detection and Response to learn how outsourcing threat detection and response is a force multiplier to improve your security posture while better meeting your compliance obligations.