When companies fall victim to cyberattacks, the prior actions of their general counsel or chief legal officer to protect important data often draw close scrutiny from other executives and the board.
Company leaders typically want to know whether legal department officials with oversight of data security took reasonable steps to safeguard business and customer information, as well as ensure cybersecurity systems in place were operating effectively.
Danielle Sheer, chief legal and compliance officer at Commvault, said her data management company recently released a product that could help legal department leaders more effectively defend their organizations against cyber intruders.
The offering known as Metallic ThreatWise uses decoys to bait bad actors into engaging fake resources, which prevents them from reaching their intended targets and compromising data.
“Everybody at this point should assume bad actors are going to get it in,” Sheer told Legal Dive. ThreatWise “sets up traps for them so that we can get an early warning that they got into the system and [then] shut everything down.”
Sheer highlighted that there are hundreds of millions of cyberattacks annually, and ransomware attacks are on the rise.
Meanwhile, an attacker sits undetected within a network an average of 146 days, according to Microsoft’s Advanced Threat Analytics.
Sheer said those figures emphasize the need for companies to implement a tool such as ThreatWise that provides immediate notification to key business stakeholders when a bad actor engages a fake resource. This allows for countermeasures and remediation efforts to be initiated quickly.
She said ThreatWise alerts are much preferable to the ones GCs and CLOs fear getting late at night about a successful cyber intrusion.
“How great would it be to get a call in the middle of the night that says, ‘The ThreatWise alarm went off. We were able to stop [the attack]. We know the three files that were accessed, and they were all bait,’” Sheer said. “Versus, ‘Somebody's in the system. We don't know what's going on. We're going to get a team together. Put a strong pot of coffee on.’”
Sheer advises legal teams and other departments responsible for data protection to be transparent when a threat is stifled in the same way they would notify company higher-ups when a data breach has occurred.
The lessons learned from these events should be shared with internal stakeholders, including the executive team and company board committees that oversee risk.
“We ask our boards to invest a lot of money in cybersecurity and in security programs in general,” Sheer said. “It's really important to show them when it works.”
The ThreatWise product is part of the broader Metallic SaaS portfolio providing enterprise-grade data backup and recovery.
ThreatWise’s sensors are invisible to legitimate business users and systems, so interactions can only come from a malicious source, according to Commvault.
Sheer said she expects the product will continue to evolve to best protect users against bad actors.
“They're not going to stop trying to find new ways through,” she said. “We have to do everything we can to try to stay one step ahead of them.”