We've reached part three of our blog series: RESPONSE. This blog follows the highly anticipated session at ILTACON 2018 - the response of DLA Piper after last year's NotPetya malware attack. This story has been a topic of much interest throughout the legal community and has been a call to arms for law firms. The session discussed the unenviable but critical responsibility an organization has in response to an incident.
Some incidents can be isolated and not impact the entire firm, while others can be systemic and bring into play a full disaster recovery and business continuity plan. Bad things happen to good people every day. It's what we do to prepare for it and respond to it that makes the biggest impact.
DLA Piper's story rippled throughout the legal community and got a lot of people's attention. The story of the rapid impact to this global firm and the decision to bring down everything was haunting and chilling. It was hard to plan for something this destructive, but their story is compelling as they fought the good fight to get things operational again.
Some high-level lessons from their story:
Have dedicated security personnel focused on the security landscape. If you don't have them, then outsource the function or bring in fractional professionals (instead of a full-time employee) to fill this role.
Plan, Plan, and Plan. Disaster recovery (DR) and business continuity (BC) plans need to be reviewed, discussed, and updated regularly. Just doing a table-top exercise once every two or three years is not enough. Don't just have a DR and BC plan, test the plan. Then let people know about the plan. Then test the plan again. Hope for the best, but plan for the worst. Quote from today, "There's no such thing as an UNBELIEVABLE scenario!"
Align with a standard (e.g., NIST), and map out your plan accordingly.
Communication methods after an incident are critical. Plan for communication channels outside of your normal internal systems (e.g., a broadcast texting solution, or a registered domain separate from your firm's domain that your leadership can use to communicate with clients and others).
Have firm leadership develop a Crisis Management Plan to address the running of the firm, the public relations elements, and the operational considerations in the event of an incident.
Credential Management should be a part of your strategy. Passwords for privileged accounts should change regularly.
EDUCATE everyone in your organization and continually remind them that Security is EVERYONE'S job. We all have a part to play in protecting the information we've been tasked to protect (personally and professionally).
Let's keep moving the needle forward and do what we can do to protect the things we've been entrusted to protect.
All three areas - Prevention, Detection, and Response - must be a part of your security strategy. These three sessions were engaging and brought concepts down to practical applications. It was a real joy to be a part of them.
Below are some of the resources made available from today's session.
Detailed Information on NotPetya
NIST Cybersecurity Framework:
Let's be safe out there!