by Adam Carlson and Matt Wolf of Carlson & Wolf LLC
Twenty years ago, it was primarily the military and Department of Defense contractors who had to worry about
so-called "advanced persistent threats" (a term reserved for foreign entities carrying out espionage against specific targets for specific reasons). At the time, foreign entities primarily wanted intelligence for military purposes, and they targeted their attacks accordingly. Industrial espionage has recently emerged as the greater challenge, with economic secrets taking on an importance seemingly similar to military secrets. To address cyber threats, corporations have ramped up security protections, with an estimated 60 billion dollars spent globally on information security in 2011 and a steady rise in that spending predicted for the next three to five years. As corporations
continue to strengthen their security, attackers have sought easier ways to obtain valuable intellectual property and financial data. Because the legal industry has been slow to invest in information security, law firms have emerged as that easy target, making them the "weak link" in the security of their clients' data. That was the stark message the FBI delivered to the top 200 law firms last November when FBI officials warned that a number of firms had already lost data to attackers. The FBI urged the industry to act swiftly in addressing this growing threat. At first glance, computer-based attacks would seem to be the bailiwick of IT. But implementing effective data security requires an effort that extends beyond the IT department. In the high-stakes game
54
Peer to Peer
