The current community practices of nearline backups and short retention periods for better information governance hygiene may need to be revised in light of ransomware threats.
With the outage at DLA Piper, one of the pre-eminent law firms in the world, due to a ransomware attack, ACEDS has published a webinar and white paper on avoiding ransomware. DLA is back online, and the time is ripe for a community readiness exploration.
Our subject matter expert, Roy Zur, CEO of Cybint, walked us through our legal/e-Discovery threat landscape, methods to identify and avoid common vectors for infection with ransomware, and how to prevent and mitigate attacks. Cybint is part of the BARBRI family, as is ACEDS.
One strong recommendation from Roy was to have a full offline backup. A common practice in e-Discovery review is to have automatic failover (a backup of the review system that can automatically come online with current work product if the primary system is down) and nearline backups of static documents. Offsite backup with “tapes in rotation” for son, father, grandfather tapes is often described as costly, time-consuming and so pre-2000. Current practice in information governance is to recommend the shortest possible retention of archives to reduce potential future ediscovery spend and litigation risk. These practices will need to be re-evaluated against the disaster recovery need to rebuild critical systems within tolerance levels when a catastrophe, natural or man-made, occurs.
Business continuity concerns and cost generally drive the decision to use nearline storage as a backup: for example, it takes less time to get systems back online if the backup is already connected, with little or no work product lost for reviewers. Without protection or isolation, nearline systems would be vulnerable to infection by ransomware or other malware. Incremental backups are faster, but they are only as good as the last full backup when rebuilding a system from the ground up, which is the situation ransomware victims face.
Between the 2006 FRCP amendments regarding not reasonably accessible data (read: backup tapes) and the 2015 amendments emphasizing proportionality, full offsite backups may become less risky in both ediscovery and security domains.
Ediscovery operational teams will need to re-evaluate their threat profile, their access security matrix, two-factor authentication, backups, business continuity and disaster recovery. Directors will need to assess cyber insurance requirements to mitigate potential downtime and damage to cases and client retention.
ACEDS will continue to bring programming to the community as we all learn to navigate the increasing security threat to those stewarding legal process.