The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1150262
50 2019 Legal Threat Intelligence Spotlight B Y M A R K S A N G S T E R T here are many cybersecurity reports that examine the global threat landscape, but few shed light on unique cybersecurity challenges faced by individual industries. Because no two industries face the same types of cyberthreats, eSentire is creating a series of focused reports to educate IT and executive leaders in vertical markets, with the debut issue titled, The 2019 Legal Threat Intelligence Spotlight. The legal industry is unique, especially as it is an economic nexus with unparalleled access to privileged information from government, industry and investors. The need to protect sensitive business and personal data made this industry one of the earliest adopters of managed detection and response technologies. This large sample set enables eSentire to focus its first industry-specific Threat Intelligence Spotlight on the legal landscape. Every year, eSentire security operations investigates nearly two billion indicators of compromise. eSentire's Legal Threat Intelligence Spotlight draws upon anonymized customer network traffic from dozens of law firms within eSentire's 650-plus base of customers. It complements existing data from private, public, and industry resources to help legal professionals make better decisions about their cybersecurity priorities. One key finding reveals that over the last few years law firms continue to improve their overall cybersecurity hygiene and, similar to financial services, are considered one of the more mature industries in protecting client assets from cyber criminals. This improved posture has resulted in firms having a lower incident rate for nuisance cyberattacks vs. other industries such as healthcare, manufacturing and ener. Published in collaboration between eSentire and ILTA This positive trend comes at a time when ILTA research shows that firms are beginning to embrace emerging technologies, yet funding for security and general employee training is starting to wane. This combination is especially dangerous as cybercriminals are increasingly using exploitations focused on internal systems and cloud services. A fundamental lack of employee training leave firms vulnerable to exploits and breaches caused by unintentional user errors, misconfiguration of security and privacy controls and exploitation through clever phishing campaigns and fake invoices. The 2019 Legal Threat Intelligence Spotlight discusses these emergent issues and provides unique insights specifically for legal firms including: • Almost 20 percent of IT assets are susceptible to being exploited by a high or critical severity vulnerability • Top internal threats come from email or drive-by downloads, with unique lures that mimic Adobe Cloud services and American Express credit products that cater to high net-worth individuals and prolific travelers • MalDocs remain dangerous by leveraging Microsoft macros to deliver malware that collects credentials, logs keyboard inputs and captures screenshots • According to historical data, there is a 46 percent chance that a legal firm will experience a security incident within the next 12 months Get the full report on threat analysis, as well as practical recommendations that legal firms can implement to prevent their networks from being compromised. ILTA D O W N L O A D R E P O R T