Peer to Peer: ILTA's Quarterly Magazine
Peer to Peer: ILTA's Quarterly Magazine | Winter 2021

landscape, and to do that, we as an industry must abandon outmoded practices and shift to more aggressive security stances. The RFI is the first step in socializing many new security concepts on our collective horizon. This data gathering will not only tell us where we are and where we have been, but also indicate where we are going.

Data we need to protect our community

As we gear up this important effort, we need your help. We must collectively understand our problems to develop coordinated industry-wide efforts to rectify them. So what can YOU do? First, help ensure you and your firm provide accurate and complete data. The resulting First Annual Cybersecurity Benchmarking Report from ILTA will only be as good as the data each of you as law firms provide. To help all of us get better, more actionable, and more accurate industry-wide data, there are several ways you can help.

• Higher response rate. The more data ILTA peers share with the community, the more accurate the final reporting will be.
• Complete data. It might not seem important, but filling out the entire survey, including demographic questions like headquarters location, firm size, and role of the respondent, is key to understanding the nature of threats. Answer all the demographic questions every time. This data is being anonymized, but we all lose the power of insight without being able to understand the trends.
• Good data. It's OK if you don't know every answer, but try to find someone who does. The best practice, when possible, would be to collaborate internally within the firm so that you answer as a group and can ensure your firm's contribution to the industry data is complete and accurate.
New trends that demand more data

Your full participation ensures we can gather valuable new data on several emerging attack trends and their impact on law firms, including:

• Increased threats from targeted ransomware. We will go deeper into understanding not only firms' protective controls but also their cyber resiliency, including:
    • Backups of critical systems
    • Rapid recovery options
    • Proactive monitoring and reporting of anomalous behavior
    • Segmenting/preventing lateral movement
• Impact of Covid. How did Covid-19 change the way law firms operate (remote work, digital collaboration, etc.), where data is stored, and how security extends beyond the network perimeter? How frequent were remote trials/depositions, and what is the future of legal proceedings and their digitization?
• Cloud Security. What third-party vetting procedures and standards are you using, what MFA and SSO integrations are in place, and what backup strategies and assumptions do cloud vendors have?
• Standards Alignment. What frameworks are law firms adopting (e.g., NIST, CIS-18) and what certifications are they pursuing (e.g., SOC 1, SOC 2)? How far ahead are firms planning their security roadmaps and how do they evaluate and measure