Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/80353


"The Social Network," where some college kid sits in a darkened dorm room surrounded by empty cans of caffeinated beverages, feverishly tapping away at his computer, seeking the thrill of the hunt or revenge against some foe. A few simple layers of enterprise-grade security equipment on the perimeter were more than sufficient to keep us safe. The idea of a government-sponsored attack, à la "Patriot Games," against some small private company halfway around the world just seemed like crazy talk.

Brenner shows us that even the most sophisticated network defenses have been compromised time and again. We're starting to see this firsthand as more in-depth and organized attacks against companies (including law firms) are taking place. Speaking of organized, there are also Mafia-sponsored events, where crime syndicates are turning hacking into an enterprise more lucrative than all other crime ventures combined. Brenner shows us all too vividly that today's hackers have the things that their predecessors didn't: time and money.

How has this book prompted change at your firm?

Mark: When I gave this book to my technology steering committee, they read it and immediately took action. In under 60 days, we launched our first internal security awareness training program for all employees. Several shareholders sent out Brenner's information and other relevant news to fellow shareholders and decision makers. The message that things have to change came from several sources, so there was little resistance. The IT director wasn't bringing up the Boogie Man in order to justify spending more money; their peers, the NSA and the FBI were telling them that if security isn't addressed, their livelihoods may be at risk.

How does "America the Vulnerable" relate to the LegalSEC™ initiative?

Carlos: The author gives advice as to what organizations should be doing to better position themselves to face current security challenges. Many of these recommendations are being addressed by LegalSEC, including security awareness training, asset management, auditing and risk management. Brenner refers to our profession directly as being one of the weakest links because of the importance of the information that our systems hold, in conjunction with the lack of strong security programs that law firms usually have in place. We are trying to tackle this collectively and provide guidance to our peers so that everyone can better protect themselves.

Who should read this book, and why?

Carlos: This is a business book, rather than a technical book, and it gave me insight into how state-sponsored cybercrime works. It complemented my technical knowledge, but a background in technology isn't necessary to benefit from Brenner's teachings. I would recommend this book to general counsel, the board of directors and executive committee, heads of IT and to security, records and risk professionals. Everyone in our profession should be knowledgeable about the threats and recommendations presented in this book.

Mark: I agree — everyone needs to read this. Security problems are in plain sight, but too many people aren't noticing. Profitable businesses may find their doors are closed in the future due to a security breach. To take things to another level, one day these problems could lead to a more serious turn of world events (see Stuxnet & Flame). "America the Vulnerable" woke me up to the realities of being responsible for an organization's intellectual property and gave me new perspectives on what needs to change. We all need to shift our priorities from relying on tougher technology solutions and turn toward low-cost, more effective user education solutions. It only takes one person to totally undermine your thousands (and in some cases, millions) of dollars in security investments.

Mark Brophy is the Director of Information Technology at Rogers Townsend & Thomas, PC. He is a member of ILTA's Server Operations and Security Peer Group Steering Committee. Mark can be contacted at mark.brophy@rtt-law.com.

Carlos Rodriguez, CISSP, is responsible for all network infrastructure and information security operations at Lathrop & Gage LLP. With over 12 years of achievements in the delivery of technology, including six years in the legal profession, he has implemented both traditional and nontraditional solutions, including unified communications, virtualization, SaaS and cloud implementations. Carlos serves as ILTA's Server Operations and Security Peer Group Vice President, and he leads ILTA's LegalSEC initiative. He can be contacted at crodriguez@lathropgage.com.
