Alastair Murray

Director, The Bureau

Navigating cybersecurity: incident response and compliance


Alastair Murray explores the critical role of Incident Response services in modern cybersecurity strategy

Solicitors and their firms should invest in a cyber insurance policy. If that is not a preferred option, firms should alternatively arrange for an 'Incident Response' service. Several reputable providers offer good value for money and a variety of packages, each with its own levels or grades of service.

At the most basic level, firms can subscribe to an incident response service that grants them the right to call upon an expert within hours. After the initial call-out, firms are then responsible for paying for the expert's time and expertise to assess the situation. The next tier usually includes a pre-inspection and/or an external and internal security check, followed by an annual subscription that provides access to a comprehensive range of incident response services.

If budget allows, an annual subscription offers significant advantages. Firstly, it can identify any past intrusions you might not have been aware of, giving you the opportunity to address and bolster your security measures. Alternatively, if you've experienced no unauthorised intrusions, it provides peace of mind that your security measures are effective.

Service tiers

Providers typically label their service tiers as Gold, Silver, or Bronze, and sometimes even Platinum. Each tier includes varying degrees of pre-testing and examinations. Some services will also correct security deficiencies, and an annual incident response program provides short-notice call-outs in case any issues arise during the year.

A real or suspected cyber incident demands an urgent yet measured response, best managed by a qualified incident response provider. The challenge lies in handling the urgency with composure, while minimizing potential damage to the firm and its reputation.

Few organizations know how to cope with a cyber-attack, as it's often their first encounter with such an issue. The main challenge for most firms is learning how to effectively manage a serious cybersecurity breach. The key is to remain calm and avoid panicking.


All too often, management are swayed by preconceptions influenced by online media hype and Hollywood portrayals of hackers. It's crucial to heed the advice of the incident response team and follow their guidance to expedite recovery and prevent future occurrences.

Firms may panic, thinking they have a serious breach, and in some instances, even report the event externally before proper verification. This can be attributed to blurred lines of communication, malfunctioning detection systems, or a lack of experience within the firm.

Each incident is unique and necessitates a tailored response. Incident responders bring specialised expertise and experience in dealing with a variety of attack scenarios. They are also likely to have current knowledge of the latest attack trends, often including cases where similar tactics have been employed by attackers.


A cybersecurity breach can damage both IT systems and the firm's reputation. It's essential for management to approach the situation calmly, allowing the incident responders to ascertain what has happened and mitigate any damage, restoring operations to some semblance of normality.

Expert investigation and analysis can pinpoint the origin of an attack, whether internal or external, and help the firm bolster its defenses against future incidents. A forensic investigation can also be invaluable, offering a systematic approach to analyze what went wrong and repair data, thereby helping the firm recover.

Solicitors continue to be prime targets for hackers. An incident response service serves as an effective solution for combatting these attacks. Firms with incident response retainers are contractually guaranteed a response and benefit from an array of services. These could cover the costs associated with the impact of a breach, including damage to reputation, operational disruptions, loss of client data, fines, litigation, and even measures to prevent the firm's closure.

Long-term costs

The long-term financial repercussions of a cyber breach can be substantial. An exhaustive investigation into the root causes is essential for implementing improvements in the firm's cybersecurity infrastructure. Yet, this event can also lead to increased insurance premiums and lost client revenue, elevating cybersecurity to a major concern at the board level.

The General Data Protection Regulation (GDPR) imposes hefty fines—up to €10 million or 2 per cent of the firm's global turnover—for cyber breaches, especially if the firm fails to report them promptly. Firms are required to report suspected breaches within 72 hours, underscoring the importance of timely detection, thorough analysis, and a competent incident response service.

Preventing a breach

Compliance with GDPR and other information security standards like ISO 27001 and PCI DSS, if applicable, is crucial for minimising the risk of a breach or reducing liability if an attack does occur. Standards like Cyber Essentials not only fortify a firm’s resilience against attacks but also bolster its credibility in the eyes of clients.

Strong cybersecurity isn't just about technology; it's also about ensuring that employees are well-informed about the firm's cybersecurity protocols and adhere to them. Although often viewed as optional, penetration testing is a valuable exercise for assessing system vulnerabilities. Whether conducted in-house or by a third-party contractor, these tests are part of a broader array of incident response management services available to help firms strengthen their defenses.

More firms are investing in Incident Response services to mitigate exposure to threats like phishing, hacking, and malware downloads. Effective management of a breach or suspected breach demonstrates that your firm is proactive in disrupting cyber-attacks and repairing any resultant damage.

Firms are increasingly allocating resources to bolster frontline defenses, manage the critical 72-hour reporting window, safeguard client data, and prepare for potential fines.

Leaders in the sector are recognising the importance of actively defending their firms. They understand that investing in an Incident Response Contractor can significantly improve the security of both client data and internal operations.

Alastair Murray is director at The Bureau