According to Juniper Research, more than 33 billion records will be stolen by cybercriminals in 2023, which represents an increase of 175% from just five years ago. Additionally, Kaspersky Labs reported that during the first 10 months of 2022, the proportion of users attacked by targeted ransomware doubled compared to the same period of 2021 — a trend line that does not bode well for 2023.
Amid this surge, legal organizations continue, not surprisingly, to be popular targets for these types of attacks. Meanwhile, flexible working models have moved professionals out of an office environment, where all daily business was conducted on company-approved devices behind the corporate firewall, and into a “work from anywhere on any device” situation, which has only added to the difficulty of keeping sensitive data secure.
AN ORCHESTRATED RESPONSE, AND AN UNINTENDED GAP
Given this formidable array of security challenges to contend with — not to mention a persistently tight labor market — it’s no wonder that those tasked with protecting company and client data are feeling overburdened and under an increasing amount of pressure.
In response, many organizations have started investing in security orchestration to help improve the efficiency of their internal security controls. The primary benefit of security orchestration is that it allows previously siloed tools used to detect and respond to security incidents to be connected. This approach unifies and automates multiple aspects of security — from threat alerts and monitoring to remediation.
When it comes to orchestration planning, however, one essential component is often ignored: integration with the organization’s document management system (DMS). This oversight has the unintended effect of creating a gap in the organization’s security response — one that centers around the system where the vast majority of law firms and corporate legal departments keep their sensitive and privileged information.
Because a good DMS has robust security and data governance controls, failing to integrate it into the wider company threat monitoring strategy means that valuable real-time information and alerts related to documents and emails residing in the DMS are missed.
A CHANGE OF VIEW
So, how can we best close this gap and bring the DMS into the fold?
A good first step is a change of mindset around how the DMS is viewed within the organization. Traditionally, IT focuses on monitoring the systems that fall into the “infrastructure” bucket (e.g., the email system, endpoint devices, private cloud and so on) while more specialized applications like the DMS are seen as being “owned” by the particular team, department or practice group that purchased them or uses them the most.
The downside of this segmented approach is that alerts generated by the DMS when certain user behavior deviates from what is considered normal are sent to a point person within that team or practice group rather than to those with a global view of the organization. The obvious concern: Does the point person know what to do when they receive an alert and whom to escalate it to?