Peer to Peer: ILTA's Quarterly Magazine

Issue link: https://epubs.iltanet.org/i/1439196

Contents of this Issue


Page 34 of 106

35 I L T A N E T . O R G C ompliance and data security are never far from mind for corporate legal departments (CLDs) or the law firms that they frequently collaborate with. A recent survey of Chief Legal Officers (CLOs) by the Association of Corporate Counsel (ACC) found for the third consecutive year that cybersecurity, compliance, and data privacy were the most important issue for CLDs, with cybersecurity first among those concerns. Meanwhile, the same survey found that over half (53.6 percent) of CLDs believe that data privacy protection rules will pose one of the biggest challenges to their organization, with 80 percent expressing concern over changing data privacy laws in the jurisdictions where they do business. Fully 90% expected data privacy concerns to accelerate. Put simply, challenges abound on multiple fronts – but the right cloud can play a fundamental role in helping these organizations to keep email, documents, and knowledge safe and secure, properly governed, and compliant, even amidst the thicket of thorny security and compliance issues that today's legal organizations must navigate. Risk from Multiple Directions First amongst these challenges is the rise of the hybrid workplace, which sprang up in response to the COVID-19 pandemic and then gained a foothold in firms and corporations of all sizes. According to Cushman and Wakefield, 90% of law firm respondents anticipate that 10% of their lawyers will be working remotely at least twice a week within the next two years. The environment outside the four walls of the office is a much more difficult environment to secure. Hybrid work aside, there's the simple fact that many end users within legal organizations are already in the cloud and using services that lack proper governance. For instance, if teams are using messaging, file sharing, collaboration, or email services, then they are likely already sharing sensitive information in the cloud – possibly via consumer services like Box, Dropbox, or Google Drive. Even organizations that primarily use on-premise software deployments are not fully immune from potential vulnerabilities. According to Microsoft research, 80% of organizations that use on-premise servers still use the cloud for at least a portion of their data protection strategy. Alongside these trends, ransomware and cyber security threats and attacks continue to rise in number and maturity. The CEO of the UK's National Cyber Security Centre said in June 2021 that ransomware was the key threat facing the UK. Ransomware is, of course, equally prevalent in the US: The Department of Justice has said that around $350 million in ransom was paid to malicious cyber actors in 2020, an increase of more than 300% on the amount paid out in 2019. The legal sphere remains an attractive target for these attacks. Research from global cyber security firm BlueVoyant found that 100% of law firms analyzed were targeted in attacks by threat actors, and 15% of a global sample of law firms showed signs of compromised networks. Lest law firms and CLDs think that the bad guys don't bother going after "small fish," Sophos' The State of Ransomware 2020 reveals that ransomware is no longer just a threat to larger organizations. It found that just under half (47%) of the organizations with 100-1000 employees in its survey were hit by a ransomware attack, while just over half (54%) of the organizations with 1001- 5000 employees were hit. Finally, compliance – whether it stems from a client RFP detailing standards for data protection, or from a new law or regulation that has been issued – continues to grow more complex, with increasingly high-stakes penalties for failure to comply. Witness the $59 billion USD paid out in penalties by corporations for U.S. regulatory infractions

Articles in this issue

Links on this page

Archives of this issue

view archives of P2P - winter21