Read how LAW FOR ALL's partnership with Cyberlogic's CyberForensics team resulted in an incident response plan that improved cyber security and GRC practices.
Established in 1993, LAW FOR ALL is a legal insurance provider making legal advice affordable for all South Africans. To ensure its legal practitioners can focus on client service without technology-related distractions, LAW FOR ALL built a legal software suite to enhance efficiency by minimising time spent on routine tasks.
While technology introduces innumerable efficiencies and enhancements, it also introduces complexity, especially where governance, risk, and compliance (GRC) are concerned. Policies are required to ensure the company, its employees, and its clients are protected in the event of a security incident and to ensure the company complies with the stringent data protection requirements set out in the law. Recognising that need, Michael Pieterse, who began his career at LAW FOR ALL as a member of its dedicated team of software developers, initiated a partnership that would change the face of cyber security and GRC at LAW FOR ALL.
Building on a strong partnership
As a legal insurer, LAW FOR ALL has a unique business model, which includes underwriters and corporate partners with strict cyber security and GRC requirements. This complexity, along with the uncertainty that generally accompanies the dynamic world of cyber security, led Michael to seek guidance from a trusted partner.
Michael was introduced to Roscoe Petersen, Head of Cyber Security at Cyberlogic CyberForensics. Michael’s initial ask was for a penetration test to gain a better understanding of the organisation’s vulnerabilities. As Roscoe always says, a penetration test is only the beginning of any cyber security relationship because once you have a view of your security gaps, prioritising and addressing them becomes a point of focus.
“The beginning of a beautiful friendship”
After the completion of the penetration test, Roscoe and the Cyberlogic CyberForensics team quickly made their value known. "After the pen test, Roscoe asked if there was anything else he could do for us, and we started chatting about our incident response plan."
In the world of cyber security, the primary focus is on preventing a breach and because of this, many organisations forget to answer the question of what to do if a breach does occur. This is where an incident response plan comes in. The incident response plan outlines specific instructions to be followed in the event of specific breach scenarios playing out, this can mitigate further damage and additional cyber risk and – importantly – reduce recovery time. Without an incident response plan in place, organisations tend to flounder in the event of a breach, not knowing how to stem the flow of information or go about the business of securing its systems again. Even small cyber incidents, like malware infection, can spiral into major issues if not addressed quickly.
With this critical understanding, Michael and the Cyberlogic CyberForensics team began to scope LAW FOR ALL’s GRC requirements. With the GRC solution mapped out and an implementation roadmap in place, the focus shifted to the development of a robust incident response plan to manage the impact of potential threats. Michael, reflecting on this phase, noted, "For the six years before I moved into security, we never had a concrete incident response plan in place, so it was something we desperately needed." The Cyberlogic CyberForensics team quickly embarked on this significant undertaking, impressing Michael with their efficiency and depth of understanding.
The incident response plan wasn't simply a checkbox exercise; it became a comprehensive guide that surpassed Michael's expectations. "We've got a response plan that says who must do what, and there’s no scrambling for information," he emphasised. The practicality of the plan shone through when LAW FOR ALL's corporate partners requested a similar document. Michael expressed his satisfaction, saying, "The shock when we pulled the incident response plan out of the bag was incredible to witness."
.png?width=800&height=263&name=Greatsoft%20Website%20Client%20Case%20Study%20Quotes%20(1).png)
The plan, not only identified areas of improvement but also provided practical solutions and recommendations to close gaps, delivering tangible value. Michael found this aspect particularly noteworthy, stating, "I knew we needed to go through the exercise of identifying the policies that needed updating, but it was a project I was not looking forward to. And then to have the GRC team come in and do it for me was just absolutely amazing." The incident response plan, with its detailed suite of documents, checklists, and flowcharts, positioned LAW FOR ALL as a proactive and resilient player in the legal insurance landscape.
True success is shared success
In the spirit of true collaboration, a hallmark of the Cyberlogic CyberForensics approach is to share knowledge, building internal competency as they deliver. This collaborative spirit went beyond addressing immediate needs, extending to knowledge transfer. Unlike experiences where expertise might be guarded, Michael found it to be a refreshing approach. "They weren’t proprietary about it, hoarding the knowledge and skills to keep me dependent on them. That was really cool," he emphasised.
In the ever-evolving landscape of legal insurance, LAW FOR ALL has not simply adapted, they have thrived by embracing technology and forging strong, collaborative partnerships to ensure their security. The relationship with Cyberlogic's CyberForensics team is a testament to the power of shared expertise and a commitment to mutual growth. The success of this partnership is defined by more than the solutions provided; it’s defined by the true success found in shared success.