From an April 2018 webinar, check out these insights on cybersecurity and its influence on e-discovery from John DeCraen of Alvarez & Marsal LLC and Nik Balepur of Relativity.
22. Break new ground and rethink the way
you practice e-discovery.
• 2,000+ Attendees
• 200+ Speakers
• 150+ Sessions
• CLE-accredited Sessions
RelativityFest.com
Editor's Notes
Nik:
Thank you for tuning in to learn about cyber risks in e-discovery.
My name is Nik Balepur and I’m a solutions architect at Relativity, helping Relativity users better understand how to make the most of the platform. I’ve worked in e-discovery for about 10 years, managing legal and technology projects.
In today’s webinar, I’ll be discussing cyber risks with John deCraen. John presented on this topic at Relativity Fest and we’ve decided to bring it back today based on popular demand.
John is a senior director with Alvarez & Marsal’s Disputes and Investigations practice, specializing in global cyber risk services and digital forensics. Joining A&M in 2004 from the finance industry, he has since been involved in computer forensics, cybersecurity, and IT risk matters performing various management, investigatory, and analytical assignments for global clients in a multitude of industries.
John, thank you for joining us today. Tell us a little about your background, the types of clients you usually work with, and what makes them unique.
John:
[Discuss background in cybersecurity, computer forensics, and e-discovery as well as what comes with these large cases that you don't usually see with small litigation]
Nik:
With many high-profile breaches, cybersecurity has become a popular topic in various industries around the world.
John, from your experience, how seriously do you think the e-discovery industry takes cybersecurity?
John:
[Overview about current state of organizations’ cybersecurity practices and understanding]
There’s very little in the way of regulation or governmental guidance, so it’s up to us to make sure we protect our data and our clients’ data.
Effective cybersecurity starts with the fundamentals. Organizations need to understand the three pillars of cybersecurity.
Nik:
What are the three pillars of cybersecurity? Can you provide a few examples of each?
John:
A threat is an action, potential action, or inaction, likely to cause damage, harm, or loss
[Capability x intent]
[Quick examples (Import of unknown client data, perimeter attacks, social attacks, and internal actors)]
John:
Vulnerabilities are specific gaps in the protection of assets that can be exploited by threats in order to compromise the asset and realize a risk
[Overview of using NIST cybersecurity program to define activities and help definite vulnerabilities]
[Quick examples (Import of unknown client data, perimeter attacks, social attacks, and internal actors)]
John:
Risk is the resulting damage, harm, or loss of unmitigated vulnerability to threats
[Probability x harm]
[Why quantifying cyber risks is very difficult]
[Quick examples (Import of unknown client data, perimeter attacks, social attacks, and internal actors)]
Nik:
What are some unique cybersecurity vulnerabilities and risks in e-discovery?
John:
[Overview of industry-related vulnerabilities]
John:
[Overview of industry-related risks]
John:
The e-discovery lifecycle has unique cybersecurity vulnerabilities to mitigate and it generates unique cybersecurity risks that should be considered
Nik:
While the audience is taking the poll, we’ll answer a question: In terms of security, do you have any tips for what to look when selecting a service provider?
It looks like the audience is most concerned with [survey results here]
John, what cybersecurity considerations should practitioners keep in mind in each stage of e-discovery?
John:
[Overview of cybersecurity considerations in the information governance, risk, and compliance stage]
John:
[Overview of cybersecurity considerations in the preservation, collection, and import stages]
John:
[Overview of cybersecurity considerations in the processing and analysis stages]
John:
[Overview of cybersecurity considerations in the review and production stages]
Nik:
While the audience is taking the poll, we’ll answer a question: How do you ensure metadata is preserved on infected files?
The audience is leaning toward [survey results here] as the top driver in breaches.
John, from your experience, what is the most common cause of cyber breaches?
John:
Ineffective leadership and culture
[Overview of why this is the biggest driver and why compliance is not security]
[Overview of contributing factors]
[Importance of maintaining a good process in addition to selecting secure tools]
Nik:
In addition to building effective security leadership and culture, what should practitioners do to avoid these risks in e-discovery?
John:
[Overview of takeaways based on the current state of cybersecurity in e-discovery]
John:
[Overview of how Alvarez & Marsal is using Legal Hold in cybersecurity situations]
Nik:
If today’s viewers take five things away from today’s webinar, what should they be?
John:
[Closing thoughts]
[When talking about seeking expert assistance, can you provide some high level tips about finding a provider that takes security seriously?]
Nik:
Thank you for joining us today. A survey will be available as you exit the webinar. Please take a minute to let us know your thoughts. We’ll use your feedback to improve future events.
I also wanted to remind everyone that Relativity Fest 2018 will take place September 30 – October 3 in Chicago, and registration is now open. Join us to hear from more speakers like John. Visit relativityfest.com to learn more.