Cybersecurity is evolving. This is more than just a technology issue or an added clause in the retainer agreement; it's the biggest risk that law firms face in 2017. Cravath, Swaine & Moore and Weil Gotshal & Manges, two of the largest firms in the United States, got caught in a major cybersecurity breach later linked to a $4 million-plus insider-trading scheme. Law firms that were hacked in the past five years include Panama-based law firm Mossack Fonseca; NYC law firm Cravath, Swaine & Moore; Weil Gotshal & Manges; and Wiley Rein, one of the largest law firms in Washington, D.C. Today, cyber risk is just a part of doing business for law firms – big ones and large ones.
Law firms are an easy target for hackers, and hackers seek ways to monetize their break-ins. They use ransomware to steal data and blackmail the firm by blocking access to its computer system until the ransom is paid. Another strategy is to threaten the publication of embarrassing information. And if law firms don’t comply with the demand, they risk losing confidential data permanently. Here are three top reasons why cybercriminals target law firms.
The threat to law firms is real. “In the spring of 2016, more than 40 of America’s top law firms were targeted for information on global mergers and acquisitions in one single hacking event. As reported by DataBreaches.net, the American Bar Association confirmed that approximately 25% of all U.S. law firms with 100 or more lawyers had experienced a data breach in 2015. These incidents occurred in the form of website attacks and break-ins. Lost or stolen items, like computers or cell phones, also contributed to these statistics. During the same year, 15% of all law firms reported an unauthorized intrusion into the computer files of their practices.”
Law firms can make it difficult for hackers. All the technology in the world cannot protect a law firm. People are the weakest link in the cybersecurity chain, and employees need to be better trained at spotting things like a phishing email. Law firms can fight back by keeping backups disconnected from the internet and the network. This way, the backups can’t be hit by malware. Patches need to be installed to fix holes in security, and software updates should be applied on a regular basis. This avoids leaving the door open and letting cybercriminals in. Archives, unidentifiable users, and executable files should be blocked. And if using cloud storage, the law firm should control the encryption key itself. The cybersecurity program should always meet the needs of all clients. There should be effective restrictions on all mobile devices. Systems need to be set to capture log data so that it is available if a breach should occur. Law firms should also share threat information about vulnerabilities with others. Awareness is key.
Law firms face the same common attacks as other types of companies and organizations. Here’s a list of the most common five:
Strong end-user education and updated anti-malware are both very effective against socially engineered malware. Anti-spam vendors should be used to keep inboxes clean. Up to 70 percent of email is spam. Programs like Adobe Reader should be kept fully patched to decrease the risk of an attack. Rogue friends and bad applications are often seen on social media sites like Twitter, Facebook, and LinkedIn. Many of the worst hacks actually start on social media. Law firms need to make sure that employees do not share corporate passwords and that they use sophisticated logins to ward off hackers who disguise themselves as friends. The most common method for an advanced persistent threat is to send a specific phishing campaign. It’s easy to trick employees with this strategy. Preventing this type of attack is tough, but law firms need to understand their own network traffic patterns to catch it.
It’s important that law firms ensure their defenses are aligned with the most common attacks. If you’d like to learn more about how to protect your law firm against cyber attacks, contact Dynamic Quest today to talk more about managed IT services for law firms!