Insider threats: protecting data during eDiscovery (Nuix webinar)
-
Upload
nina-ananiasvili -
Category
Data & Analytics
-
view
150 -
download
6
Transcript of Insider threats: protecting data during eDiscovery (Nuix webinar)
September 15, 2016 COPYRIGHT NUIX 2016 3
Today’s Panel
Mark Burgess
Director eDiscovery,
Yerra Solutions
James Billingsley
Principle Solutions
Consultant, Cyber Security
& Investigations, Nuix
Angela Bunting
Vice President, eDiscovery
Nuix
September 15, 2016 COPYRIGHT NUIX 2016 4
Converging interests
• Technology advancing at an
alarming rate
• Google-fast societal expectations
• Enormous amounts of data
• Things getting lost, damaged,
stolen
• IT is focused on systems, Legal is
focused on the law … but they
both are bound by the data
September 15, 2016 COPYRIGHT NUIX 2016 6
Insider threat is on the rise – the “who”
Source: Verizon 2016 DBIR report
Incidents Breaches
September 15, 2016 COPYRIGHT NUIX 2016 8
Insider threat is on the rise – the “why”
Source: Verizon 2016 DBIR report
September 15, 2016 COPYRIGHT NUIX 2016 9
Insider threat is on the rise – the “how”
Source: Verizon 2016 DBIR report
September 15, 2016 COPYRIGHT NUIX 2016 10
Insider threat is on the rise – and so is time to discovery
Source: Verizon 2016 DBIR report
September 15, 2016 COPYRIGHT NUIX 2016 11
Insider threat on the rise – the misconceptions
Source: 2015 Vormetric Insider Threat Report
September 15, 2016 COPYRIGHT NUIX 2016 15
Addressing the threat - People
• Vet your personnel
– Employees
– Vendors, contractors and business partners
– Confidentiality agreements/policies/monitoring/control
• Reassess when necessary
– At fixed intervals (e.g. annually)
– Change in status
• When an employee’s role changes (promotion, transfer)
– If employee displays signs of distress or disgruntled behaviour
September 15, 2016 COPYRIGHT NUIX 2016 16
Addressing the threat - People
• Educate employees and affiliates on the risks
– Contractual provisions
– At onboarding
– Refresher days
• Training to include:
– Acceptable use
– Data handling
– Duty to report (see it, say it)
– Expectation of privacy
– eDiscovery personnel-specific training
• Disciplinary action for non-compliance
September 15, 2016 COPYRIGHT NUIX 2016 17
Addressing the threat – Policies and Process
• eDiscovery policies
– Data preservation and collection
• Common understanding of Legal Hold
– Gatekeepers
– Track data
• Physical Data Management
– Secure premises (even within premises)
– Encrypt all devices
– Secure file transfers (no email)
– Safe destruction
September 15, 2016 COPYRIGHT NUIX 2016 18
Addressing the threat – Policies and Process
• Logical data management
– Encrypt in transit
– Secured on network: secured within
– Air gap systems
– Moving data
• Jurisdiction
• Legislative compliance
– Give consideration to:
• Cloud service providers
• Vet for cybersecurity
• Industry certification and classification
• Cyber insurance
September 15, 2016 COPYRIGHT NUIX 2016 19
Addressing the threat – things to think about
• Who do we tell?
• Who has access to it?
• Where is the data stored?
• Who is collecting the data?
• Where does this data reside while it is being processed?
• Who are the people authorised to receive and work with the data?
• How should we transport the data to third parties? Is it encrypted?
• Who in the organisation is accountable for monitoring and
overseeing the process?
September 15, 2016 COPYRIGHT NUIX 2016 20
Summary - Security
Create a good security posture
– Know where your data is
– Manage accounts
– Control access
– Control methods of exfiltration
– Monitor for inappropriately stored data
– Educate your users
– Make sure people know who to talk to
when they see a problem
September 15, 2016 COPYRIGHT NUIX 2016 21
Summary- eDiscovery
Secure your data collections
– Ensure timely collection
– Collect once
– Encrypt in transit
– Air gap systems if data is in clear
– Implement access controls on collected
data
– Monitor activity
– Regularly review and update controls as
needed