The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
PEER TO PEER: THE QUARTERLY MAGA ZINE OF ILTA 38 Law firms have become a favorite target for cybercriminals. According to the "Cisco 2015 Annual Security Report," legal was the seventh most targeted industry last year, with the likelihood of law firms encountering malware attacks increasing 50 percent from the year before. The increase has many concerned that the legal profession could be earning a reputation as an easy mark for attackers. Law firms have even been called "the soft underbelly of corporate America." In 2010, a widely reported hacking incident occurred during the initial phases of a potential $40 billion acquisition of a potash firm. The attackers worked their way through seven law firms, seeking data related to the progress and parameters of the deal. In interviews that followed, cybersecurity experts and federal investigators contended that hackers saw attorneys as soft targets with easily breached entry points. The American Bar Association has since established its own Cybersecurity Legal Task Force that has a website with helpful resources. Even in the presence of information and outreach, however, individual attorneys and staff often remain unaware of the risk they pose to client privacy and their firm's reputation when they do not prioritize security. Others do not understand the nature and volume of risk they face in this highly interconnected world, too often finding themselves victims of malware and other system infections. Law firms face increased costs of cleaning up after breaches and an increased likelihood of public disclosure. To control this, IT leaders must focus on toning up the mentality of their firms. INSPIRING SECURITY CHANGE Major breaches against firms have become commonplace. Peter Tyrell, COO at security firm Data Guardian, told Bloomberg that at least 80 percent of the top 100 law firms have had some sort of breach. Many smaller firms have no formal security structure, with more attacks likely to succeed and remain undiscovered for a longer period. These attacks typically enter through the computers employees use every day. Users click on attachments to legitimate- looking email messages and visit websites infected with common attack and infection elements. The results include: • Machines so slowed that they must be completely reloaded • Theft of private information • The installation of ransomware — an increasingly common attack where entire systems are made inaccessible until a ransom is paid to the attacker Toning Up the Sof t Underbelly FEATURES