A monthly newsletter focused on real-world issues and practical strategies for the investigation professional.

In This Issue:

	From the Investigator's Notebook: Cybersecurity – Top of Mind as Technology Advances
	News & Events

From the Investigator's Notebook: Cybersecurity – Top of Mind as Technology Advances

As 2010 begins, organizations face an increasing number of threats to security and daily operations. In every type and size of organization, cybersecurity is quickly becoming the "it" topic that keeps professionals in charge of sensitive data awake at night. As a reference point, cybersecurity is defined as the "measures taken to protect a computer or computer system...against unauthorized access or attack."¹ Organizations can no longer deny the rapid evolution of technology and use budgetary concerns or strained human resources as an excuse to turn a blind eye to the unseen threats of cybercrime.

Rising Importance
Current events reveal that corporate and governmental cybersecurity is top of mind. President Obama recently named Howard Schmidt as the new cybersecurity coordinator and described the threat to cybersecurity as a "serious economic and national security challenge." The Department of Homeland Security also announced in October 2009 it may fill up to 1,000 cybersecurity jobs, and numerous legislative attempts to address cybercrime and attacks have been proposed.

Organizations that do not appreciate the rapidly increasing importance of addressing cybersecurity are failing to protect against damaging consequences to their data and reputation. According to a recent article in The Wall Street Journal, the FBI is currently investigating a large-scale breach that targeted Citibank, a subsidiary of Citigroup Inc., in which tens of millions of dollars were stolen (Citibank has subsequently denied the breach). The article also quoted former White House cybersecurity director Melissa Hathaway as recently stating that the cyberattacks on corporations are "at an epidemic level."²

Security risks and attacks vary across the globe and must be understood by companies that operate internationally. According to a recent Microsoft Security Intelligence Report, Trojans were the largest threat to the United States, United Kingdom, France and Italy, while malware targeting banking was prevalent in Brazil and worms were most prevalent in Spain and Korea.³

Importance of Preparation
Proper preparation for the range of potential problems arising from a cyber incident is extremely important. Cyber incidents range from hacker situations, to loss of intellectual property, to identity theft – essentially any instance where data is compromised through use of a computer.

Both technical and legal aspects are involved in cyber incidents.

Technical aspects:

• What happened? Do not assume an incident occurred without first receiving confirmation.
• How did it happen? Understand the root cause in order to effectively remedy the situation. Conduct custodian interviews, and collect technical inventories. Have the evidence analyzed by the response team.
• Who was involved? Determining who was involved will help correct the incident and mitigate possible damages.

Legal aspects:

• What must be reported? Certain business arenas may be required to provide notice of the incident to affected parties.
• How should potential evidence be preserved? Parties must suspend routine data destruction practices and immediately issue a litigation hold notice if litigation is reasonably anticipated. The legal team must follow up to ensure proper preservation.
• What is an appropriate communication plan? Appoint a spokesperson trained in data breach incidents to help maintain business continuity.

Seek Help
It may be necessary for an organization to utilize an expert to proactively identify potential risks that may lead to litigation or investigation matters and create a plan to mitigate vulnerabilities. The chosen expert should be able to identify and pinpoint gaps and potential risks in the organization's data security programs and practices, spot compliance issues, close security holes, and collect and label evidence in a way that supports potential future claims. Working with an expert will also allow the organization to build incident response plans while prioritizing remediation steps to suit the company's specific goals and budget.

Conclusion
Even the most secure organization is not immune to cybersecurity incidents. Establishing an incident response plan and response team in advance of a crisis is vital. An organization should also establish a relationship with an experienced, reputable expert to rely on when facing a cyber incident. Implementing these policies and being prepared will allow for effective management of a potentially damaging situation.

¹ www.merriam-webster.com/dictionary/cybersecurity

² Siobhan Gorman and Even Perez, "FBI Probes Hack at Citibank," The Wall Street Journal, online.wsj.com/article/SB126145280820801177.html?mod=rss_Today's_Most_Popular (Last accessed Jan. 4, 2010).

³ Microsoft Security Intelligence Report, Volume 7, January through June 2009.

Back To Top

News & Events

Webinar Tomorrow: Year in Review – Lessons Learned in 2009
In 2009, the trend of judicial intolerance for e-discovery blunders continued as courts increasingly held parties and lawyers accountable. From Jan. 1 to Oct. 31, 2009, Kroll Ontrack analyzed 108 significant opinions addressing e-discovery-related matters and claims. Join us at 1 p.m. EST on Wednesday, Jan. 20, for an online seminar discussing the breakdown of major issues involved in these cases, along with hot topics that emerged in 2009. This presentation will also predict and explore trends for 2010. For more information or to register, visit www.krollontrack.com/webinar-012010.

Download Kroll Ontrack's Recent Podcast, "Third Annual ESI Trends Report, ESI Management & Workplace Privilege"
In this edition of the ESI Report, host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, welcomes Jason Straight, Senior Managing Director for the Computer Forensics and ESI Consulting Group at Kroll Ontrack and Rob Jones, Legal Consultant for Kroll Ontrack in the U.K. office, to discuss the results and core themes that emerged from Kroll Ontrack's Third Annual ESI Trends Report. They will also explore important lessons learned with regard to corporate management of electronically stored information and e-discovery best practices. In the Bits & Bytes Legal Analysis segment, Kroll Ontrack Legal Correspondent, Kelly Kubacki will take a look at the discovery order issued in Alamar Ranch, LLC v. County of Boise. To listen to the podcast, visit www.krollontrack.com/redir/1209ESITrendsPodcast-II.asp.

Keep Up to Date with Kroll Ontrack Social Media
Become a fan of the Kroll Ontrack Facebook page: www.krollontrack.com/redir/FBpromo-II.asp.
Follow Kroll Ontrack on Twitter: www.krollontrack.com/redir/TWpromo-II.asp.
Visit Kroll Ontrack on LinkedIn: www.krollontrack.com/redir/LIpromo-II.asp.

Meet our representatives at the following events:

Visit www.krollontrack.com/upcoming-events/ for more information on these events and others.

Back To Top

We Request Your Input

This newsletter was written by Kelly Kubacki and Kelly Runkle, Kroll Ontrack Law Clerks, with assistance from Regina Jytyla, Kroll Ontrack Managing Staff Attorney. Ms. Kubacki can be contacted by writing to kkubacki@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.