Cybersecurity should be a major priority for all firms
in 2016. The problem is, not everyone is playing with big law resources.
According to the ABA, of the more than 1.3 million
lawyers practicing in the U.S. today, 89 percent of them are in firms with ten people or less. And although they might
not have the same cybersecurity team and assets that bigger firms do, it’s
becoming increasingly vital for small firms to ensure security for their
clients.
These days all businesses are at risk, because all
businesses likely interact with the internet. Put simply there’s just more ways than ever for data breaches to occur. Which means that when companies do
decide to hire out, they’re doing it carefully—and are likely to be unhappy
when they find out that in the last year organizations spent an average of about $10 million to respond to security incidents as a result of negligent or malicious third parties.
Losing that much money—and, worse, sensitive information—in translation is
definitely a major loss.
But while a Nationwide survey last year found that 63 percent of small businesses had been attacked at least one, a survey by
Towergate found that 82 percent of small business owners were safe from being attacked, because they had
nothing to steal. In reality, they couldn’t be more wrong.
“In modern business supply chains, a series of
companies are connected to build a product or deliver a service,” David Burg,
global and U.S. cybersecurity leader at PricewaterhouseCoopers, told Forbes. “When the little guy is compromised, the hacker goes
up the supply chain to the client.”
Smaller businesses and firms often lack the technical
capacities and insight to protect themselves against hacker activity. And with
lawyers that threat is only compounded: Hacking a small firm is more than just
a potential foothold in the path to bigger fish, it’s a step with its own sensitive information that can bring down
companies and firms alike. Lawyers uniquely deal with confidential
details and business transactions more than almost any other business, and the
countless number of classified materials that pass by a lawyer’s eyes could
mean big dollar sign eyes for hackers. Especially as the type of attack shifts
from nation-states and hacktivists to more of a daily assault, more akin to
burglary and common criminals, as LegalTech News writes:
The attacks [in 2010, says Joseph Abrenio, vice
president of commercial services at Delta Risk and president of the Midwest
Cybersecurity Alliance], were mainly executed by “script kiddies”—unskilled
perpetrators with little technical knowledge that deploy scripts and programs
developed by experts—”who just wanted to make a name for themselves.”
But now, “you’re seeing much more of what we call
‘advanced persistent threats’ that are targeting lawyers,” Abrenio says. “So I
think not only have the frequencies of attacks increased on law firms, but the
complexity, too.”
With their tranches of highly confidential and
sensitive information, law firms are increasingly finding themselves in
cybercriminals’ crosshairs “because [they] are traditionally weak in cyber, not
only in their technology but in their employee training and processes as well,”
Abrenio adds.
And for hackers it’s paying off. Cybercrime is
reportedly a $2 trillion industry these days, and shows little sign of slowing down, especially
with increasing adoption of cloud networking and the Internet of Things.
Which may be one of the reasons the FBI reports that only 20 percent of businesses are
actually reporting the crimes and turning to law enforcement.
Breaches aren’t exactly good for business, and won’t inspire people to work
with your firm in the future. And after paying for your own information back,
the idea of losing clients is just salt on the wound and money out of the bank.
Not to mention that for some small firms, a lost client could be the future of
the firm.
But just because small firms don’t boast the same
resources as big law doesn’t mean they can’t protect their clients. They just
have to be strategic and vigilant about it—expecting to set aside some time to work and review
it with some regularity. As Peter
S. Vogel writes for
the Internet, Information Technology, & e-Discovery blog, the first line of defense can be the law firm, if
they work at it:
Of course the advice in Osterman’s Report is not
limited to lawyers, these phishing and malware scams affect all industries.
Here a 3 of the 8 key takeaways:
·
Cybercriminals are getting better, users are sharing
more information through social media, and some anti-phishing solutions’ threat
intelligence is not adequate. This makes organizations more vulnerable to
phishing attacks and other threats.
·
Users should be considered the first line of defense
in any security infrastructure, and so organizations should implement a robust
training program that will heighten users’ sensitivity to phishing attempts and
other exploits.
·
IT and business decision makers should implement best
practices to help users more carefully screen their electronic communication
and collaboration for phishing and other social engineering attacks.
Without question these cyberattacks will not abate
anytime soon, so every employer should be training employees continuously.
No comments:
Post a Comment