News & Press: ACEDS News

Thoughts on Ransomware, eDiscovery and Backups

Tuesday, July 11, 2017   (0 Comments)
Posted by: Mary Mack
Share |
Thoughts on Ransomware, eDiscovery and Backups

The current community practices of nearline backups and short retention periods for better information governance hygiene may need to be revised in light of ransomware threats.

With the outage at DLA Piper, one of the pre-eminent law firms in the world, due to a ransomware attack, ACEDS has published a webinar and white paper on avoiding ransomware.  DLA is back online, and the time is ripe for a community readiness exploration.

Our subject matter expert, Roy Zur, CEO of Cybint walked us through our legal/e-Discovery threat landscape, methods to identify and avoid common vectors for infection with ransomware, and how to prevent and mitigate attacks.  Cybint is part of the BARBRI family, as is ACEDS.

One strong recommendation from Roy was to have a full offline backup.  A common practice in e-Discovery review is to have automatic failover (a backup of the review system that can automatically come online with current work product if the primary system is down) and nearline backups of static documents. Offsite backup with “tapes in rotation” for son, father, grandfather tapes is often described as costly, time consuming and so pre-2000.  Current practice in information governance is to recommend the shortest possible retention of archives to reduce potential future ediscovery spend and litigation risk.  These practices will need to be re-evaluated against the need for disaster recovery to be able to rebuild critical systems when a catastrophe, natural or man-made occurs within tolerance levels.

Business continuity concerns and cost generally drive the decision to use near line storage as a backup:  for example, it takes less time to get systems back on line if it is already connected, with little or no work product lost for reviewers.  Nearline systems would be vulnerable to infection, by ransomware or other malware, without protection or isolation.  Incremental backups are faster, but are only as good as the last full backup when bringing a system up from the ground, a situation faced by ransomware victims.

Between the 2006 FRCP amendments regarding not reasonably accessible data (read: backup tapes) and the 2015 amendments emphasizing proportionality, full offsite backups may become less risky in both ediscovery and security domains.

Ediscovery operational teams will need to re-evaluate their threat profile, their access security matrix, two factor, backups, business continuity and disaster recovery.  Directors will need to assess cyber insurance requirements to mitigate potential downtime and damage to cases and client retention.

ACEDS will continue to bring programming to the community as we all learn to navigate the increasing security threat to those stewarding legal process.


What our customers say?

©2018 Association of Certified E-Discovery Specialists
All Rights Reserved