The 2019 LegalSEC Summit kicked off with a pre-summit workshop. More than 140 ILTA members participated in a highly interactive day focusing on Incident Response. Incident Response is a serious, relevant topic for legal technologists who create and maintain information security programs. This timely workshop included an introduction, tabletop exercises, the opportunity to create an incident response plan, and “need to know” incident handling tips presented by peers and other legal security professionals.
What do you do when all your best-laid plans aren’t enough? Ultimately, it’s a matter of when, not if, an incident will take place in your environment. Todd Corham, Chief Information Officer at Saul Ewing Arnstein & Lehr, and Mark Sangster, Vice President of Industry Security Strategies at eSentire, led the day with an introduction to incident response, including onsite polling, where the audience expressed concerns and engaged with the topic.
Key Takeaways from the Introduction:
- Adversaries often use your own tools against you
- Law firms are struggling to manage cybersecurity risks
- 60% struggle with both malware and non-malware attacks
- Adversaries set lures; they will go after some of your systems. That is where they are focused, and that is how they get in. You must use the trusted elements in your ecosystem without switching things up. Adversaries sneak in through those gaps.
- Create and test your Disaster Recovery Plan to ensure your response mechanisms are solid and your teams are practiced and aligned to successfully manage outcomes
- Every incident is a potential disaster!
- Key question: What does “incident response” mean to your organization?
Tabletop Exercises
After the Introduction, attendees participated in one of the most important exercises: the Incident Response Toolbox Tabletop Exercise (TTX). This session was broken down into two distinct classes of TTX:
First, the technical tabletop exercise aimed at preparing the IT staff to respond in a methodical, effective, and defensible manner when confronted with a security event.
Second, the round of tabletop exercises geared to executives and decision-makers on the Incident Management Team.
Incident Handling Tips
Justin Price and Ray Manna are incident response consultants at Kroll who have been in the trenches and understand the processes, procedures, and situational awareness needed to stay organized and focused when things go sideways. The energetic presentation shared real-world scenarios, demonstrated how to analyze critical endpoint forensics to make timely incident response decisions, and explained how to preserve evidence for further investigation, process improvement, and reporting through a chain of custody.
- Manage the expectations
- Have a solid scope; you need a strong leader that can guide the investigation
- Scope, timelines, in-house capabilities, outcomes, and expenses — you need to learn to manage the expectations
- How you handle the incident impacts the outcome
Missed the pre-summit workshop? Want to listen again? Check out the recordings here.