Typical Response Tasks
·   Preservation
·   Forensics
·   Log analysis
·   Malware reverse engineering
·   Surveillance
·   Remediation
·   Endpoint detection & response
·   Exfiltration – eDiscovery
·   Physical security
·   Regulatory compliance
·   Consumer notification
·   Legal response
·   Law enforcement liaison

The latest Microsoft Exchange breach moved downstream to 60,000+ SMB victims from the Solar Wind’s hack that targeted Microsoft and government agencies. The pace and scale of these foreign government sponsored cyber attacks raises a red flag for corporations of every size. If corporate data breaches are the ‘new normal’, then corporate stakeholders need to invest in technology, training and policies that identify, classify and protect sensitive ESI before it happens to you. I am not a security or privacy expert, but I have worked with many over the decades building mature information governance and eDiscovery lifecyles. The sticker shock of breach remediation projects spurs execs and cyber insurance companies to ask, “How can we get ahead of this next time?”

This older Compliance Week article by John Reed Smith outlines and explains the typical breach response workflow steps and factors. My eDiscovery peers may notice a strong overlap from the Exfiltration analysis step onward with traditional eDiscovery tasks. Too many eDiscovery service providers are all too eager to throw the TBs of raw unstructured ESI potentially accessed by the breach into their eDiscovery process at litigation market volume pricing. After all, most have developed PII filters to accommodate GDPR, California, Colorado and other privacy regulations. In my experience, the vast majority of these providers, auditors and consultants are ‘learning at the client expense’. Just because they can perform these tasks does not mean that they have the deep experience and established workflows that reduce risk, cost and time. I have written too many AARs that highlighted the differences between litigation eDiscovery and breach exfiltration analysis. I love hearing success stories and customer references for specialist providers if you have a favorite.

In my opinion, the most effective pre-breach/litigation cost mitigation approach is effective enterprise classification of ESI. Technology companies like my alma mater Symantec, Autonomy, IBM Watson and others have been chasing practical, real-time autoclassification for decades. I was part of the Symantec team that evaluated Orchestria’s early classification engine before CA acquired them in 2009. The value of autoclassification was and is self-evident. Early classification systems required massive time investment to build and maintain complex criteria rule sets on top of serious processing and storage infrastructure. All of this doomed every enterprise classification project that I know of prior to Microsoft’s BPOS/Office 365. Microsoft and Google now provide the infrastructure and APIs for practical auto classification without breaking the bank. The potential risk and cost of corporate data breaches now justify investment in autoclassification, Data Loss Prevention, Endpoint Protection and other technologies.

Imagine having all of your eDiscovery collections enriched with metadata labels for PII, trade secrets, pricing data, bank wires, invoices, privilege, IP and more. Classification on creation enables automated encryption, security reminders, routing to high security storage, anonymized data and other risk minimization strategies. Even simple internal/partner/external email labels typically available in enterprise archives and eDiscovery platforms provide immediate value. So I encourage you to reconsider enterprise classification in your ESI lifecycle strategy. Microsoft 365 now supports data classification labels and most third party classifiers have some kind of integration. So you now have many options to enrich your ESI and reduce the risk/cost of eDiscovery and breach remediation.

Greg Buckles wants your feedback, questions or project inquiries at Greg@eDJGroupInc.com. Contact him directly for a free 15 minute ‘Good Karma’ call. He solves problems and creates eDiscovery solutions for enterprise and law firm clients.

Greg’s blog perspectives are personal opinions and should not be interpreted as a professional judgment or advice. Greg is no longer a journalist and all perspectives are based on best public information. Blog content is neither approved nor reviewed by any providers prior to being posted. Do you want to share your own perspective? Greg is looking for practical, professional informative perspectives free of marketing fluff, hidden agendas or personal/product bias. Outside blogs will clearly indicate the author, company and any relevant affiliations. 


See Greg’s latest pic on Instagram.

0 0 votes
Article Rating