As hackers increasingly vie for organizations’ hard
intellectual properties, law firms’ cyberattacks are the inevitable cost of
doing business.
Ricci Dipshan, Legaltech News
The following
is part one of a two-part series addressing the state of cyberattacks against
law firms. Part two will discuss cybersecurity
best practices, strategies and common mistakes.
Douglas Bloom, director of cybersecurity and
forensics at PricewaterhouseCoopers (PwC), let the audience at PwC’s Law Firm
Services Global Forum’s “Cyber Risk – A Growing Threat” session in on a hard
truth — cyberattackers are hitting law firms and companies harder and more
frequently than ever before. Attacks “increased by 42 percent last year — it
went up to 58 million attacks per year in 2015,” he said. “To put that into
context, that’s a little over 150,000 attacks per day.”
James Fox, partner at PwC's New York Metro Risk
Assurance Cybersecurity, explained that many breaches and cyberattacks on
organizations happen due to “some third party, it could be law firms, it
could be a third party that does billing, etc.” But out of all the third
parties a company hires, law firms are the most sought after because they are
often the path of least resistance to a company’s most valuable data.
Usually cyberattackers “have to dig through a
lot of information, a lot of databases to find those nuggets,” of data they are
after, Fox said. “What’s great about law firms is that a lot of that
information is consolidated. The concentration of information is one of [law
firms’] challenges…If I am looking for information on ‘company Z,’ I guarantee
the first thing I am going to do is see how well protected their law firm is.”
“In addition to that, I can get information on
more than one company [from a law firm],” Bloom added. “The days of looking for
PII so I can go create fake credit cards are over; what is really getting popular
is theft of IP.”
Bloom noted that the state of attacks in 2015
“comprise a business risk instead of just an IT risk,” adding that “what we saw
last year was an increase of attacks against hard intellectual property that is
at the core of the business,” such as patents and blueprints.
The desire for business information even affects
law firms that handle obscure intellectual property that might not strike many
as valuable. “There is always a sparingly robust market for this information,”
Fox said, recalling an incident where esoteric business information on the dark
web was sold for around $100,000 to a buyer most likely from China who could
use the information in opening a similar business.
The shift towards targeting law firms for
companies’ valuable business information was front and center in early 2016,
when hackers targeted dozens of law firms working on M&A deals, including Cravath, Swaine & Moore and
Weil, Gotshal & Manges.
“It’s a trend we see moving forward, where the
law firm, because of all the deals, was a major target,” Bloom said.
There was also the business-data related “Panama Papers” breach of the Mossack Fonseca Group law firm, which Fox called the “largest single
breach in terms of confidential information…It makes the Pentagon Papers look
like a joke.”
The revelation of widespread and potentially
unprecedented breaches at law firms this year, however, did not surprise either
speaker. “Conservative statistics show that for any one of these breaches that
is identified, 20 of them are not identified, seen, or reported — and that’s
conservative, it’s probably much higher than that… They are not outliers; it
truly is an indication of the impact of these.”
Know your Enemy
Bloom advised that “understanding what the
threat is understanding who is after your information,” and classified cyberattackers
into four groups: hacktivists, organized crime, nation-state actors, and
insiders.
Most external cyberattacks “are not kids in a
garage; it’s a very organized group and specialization is phenomenally good,”
Fox added. “The person who writes the email isn’t the same person that sends
the email and does URL scrambling. You find it’s a phenomenally efficient and
well organized market that gets this done.”
He described the cybercrime underworld as a
meritocracy that is “all reputation based,” where top leaders form “a known
persona in the industry” to become a trusted source for stolen information. But
the marketplace these actors deal in is not entirely open. “They will tell you
I’ve sold this [stolen information] three times in the past, I don’t intend to
sell it a fifth time…this is how ‘ethical’ these guys can be in the approach.”