Google Outage Reminds us All of the Importance of an Incident PlanDecember 15, 2020 - by Jason Bergerson, Jason Conley
Google’s services went down on Monday in a massive outage that prevented millions of users from accessing Gmail, Google Docs or YouTube accounts, and over the weekend, Microsoft users in Europe experienced disruptions to Office 365 services. More the ‘norm’ than ever before and impacting unprepared companies and individuals at unprecedented levels, these types of service interruptions are prime reminders that disruptions can happen to anyone, at any time.
It is anticipated that by 2025, 55 percent of the data stored by organizations and consumers will be stored in the cloud, as the desire to be connected and provided with real-time data continues to accelerate cloud adoption and data creation.[i]
It brings to mind the old adage “an ounce of prevention is worth a pound of cure.” While it isn’t possible to completely prevent business interruption following a service outage, you can prepare for them. Companies that are ill-prepared for sudden loss of system access caused by human error, outside threat actors, or disgruntled employees are at a greater risk for longer-term business disruption than are those that have a response plan in place.
In our October 2020 blog entry, Envista expert Jason Conley outlines how the collection and preservation of data creates a critical link between the incident and future litigation and resolution. At the outset of any event, it isn’t known if there will be litigation or even if there needs to be an investigation into its cause. However, the response plan that organizations have in place should be designed to assume that there will be. Any missteps early in the process could damage or destroy evidence that may be present to outline the chain of events and potentially attribute it to a particular user or responsible party–whether internal employee, outsourced agency, or threat actors from outside the organization.
To avoid these missteps, it is imperative to have your incident plan, and incident response team in place prior to any event occurring. It is often difficult to demonstrate a good return on investment for a hypothetical issue that may not happen. But, once the incident occurs, trying to respond effectively during a crisis without a well thought out plan can be disastrous. Common implications are significantly increased costs and delayed resolutions to bringing your company back online and getting expert assistance without having time on your side to vet the best possible external support available. Recent events involving highly organized threat actors, increased lay-offs, and retaliatory actions of disgruntled employees, coupled with society’s reliance on cloud storage in the coming years, signal that these threat events are a matter of ‘when’, not ‘if’.
By planning in advance, organizations can take the time required to properly secure response team members from outside of the organization. The specialized knowledge and experience that a qualified outside vendor can bring to the process are invaluable. But, in addition to this is a sense of objectivity that a neutral third party brings to the table, additional resources that can be applied in a time of crisis, and in the case of forensics a team that can follow the matter all the way to court.
If you are interested in learning more about how Envista’s Digital Forensics team can support your organization in developing a sound technology litigation response plan for cyber events, employment disputes, or suspected intellectual property theft, please contact us. We’ll be happy to have an initial conversation about your needs and where our experts can contribute to reducing the risk to you and your organization.
About the Authors
Jason Bergerson, Director of Digital Forensics with Envista Forensics, investigates and manages projects related to cyber incidents, computer forensics, mobile device forensics, and consulting on network security. With over 20 years of experience in computer technology, ediscovery, consulting and forensics, Jason is highly proficient in the implementation of various forensic tools, litigation and incident response plans.
Mr. Jason Conley is a Digital Forensics Examiner. Since 2003, Jason has been providing computer forensic services and cyber-investigation support to a wide array of clients including corporate directors & security management, legal departments & law firms, government agencies, private investigation firms, forensic accountants, and business owners & managers in the Greater Toronto Area and across Canada.