Over the past several years, coordinated cyber-attacks against regional and global law firms have been on the rise. In her closing keynote address at LegalTech New York 2013 a few short weeks ago, FBI special agent Mary Galligan warned that “[w]e have hundreds of law firms that we see increasingly being targeted by hackers.” Coming from Galligan, the special agent in charge of cyber and special operations, this is a dire warning indeed. “We all understand,” she continued, “that the cyber threat is our next great challenge.”
While law firms hold enormous stores of client data, it is no secret that cyber security is not one of their core competencies. In fact, most law firms and, thus, most attorneys’ electronic files are not well protected. Indeed, most firms (and most small- to-medium-sized businesses in general) simply can’t (or won’t) provide the resources necessary to vigilantly protect their highly sensitive, confidential, documents. Many firms are not even aware that they have suffered a breach until well after the incident, when an agency like the Federal Bureau of Investigation informs them that their client’s data has been found on a server in another country as a result of a security compromise linked back to the firm.
So, what data is being targeted? The answer is every conceivable form of documented intellectual property. For instance, proprietary knowledge around an invention: specifications, lab notebooks, draft patent applications. Financial details concerning a merger or acquisition (even a transaction that never fully materialized) would give any interested outside entity an upper-hand in future negotiations. Similarly, any details about an organization’s inner-workings – details typically shared with attorneys during many different types of litigation – would enable competitors to assess the financial stability of an organization, among other things. The bottom line is that clients generally do not approach law firms when things are going well and they have no sensitive issues. They seek counsel when they are engaged in either deeply sensitive and highly expensive conflicts, which tend to generate correspondingly sensitive information that is of potentially great value to third parties.
So, how we prevent this? First, we need to discuss how the attacks are done today. In most cases, simply, busy end-users who are not security-savvy unwittingly leave the firm’s virtual doors unlocked or ajar. Once an intruder has access to a single individual’s networked machine, he or she has the ability to move freely within the entire organization. Like a cat burglar from the movies, the intruder can prowl the network, generally undetected, gathering all of the information they want, and slipping away before detected. Unlike a cat burglar, however, this intruder only steals a duplicate of the information. So in the morning when the weary staff hobbles back for another day, no one notices the theft.
Even more troubling, while firms certainly have not kept up with security needs, they have stayed abreast of emerging technologies. They use thumb-drives, virtual machines, remote “war rooms” many strive for “paperless” offices. They also work from their mobile devices and their homes and regularly meet through virtual conferences to discuss their highly-sensitive work. At every point along the way, they open a new possibility for breach. If you simply Google cyber attacks on law firms you will get over 3 million results, which is absolutely staggering.
In my opinion, firms need to start looking at the cyber security threat in the same way that large corporate enterprises and the federal government does. And, conversely, corporations and the federal government need to thoroughly vet the securities practiced by law firms before they hand over their data. Do they have up-to-date network diagrams, physical access logs, and legal notices upon logging in? Do they utilize and log firewalls, intrusion detection systems, remote access servers, virtual private networks, and web servers? Again, Mary Galligan put it quite bluntly at LegalTech, “The more mobility you have, the more documents you’re sending through the internet, the more likely you are to be the victim of a cyber-attack, and that’s what we’re seeing at law firms.”
AccessData has been in the business of detecting, preventing and, when that fails, helping businesses recover from cyber threats for nearly three decades. We understand that the threat continues to evolve at a rapid pace and that answers to and anticipations of the threat require constant and vigilant development as well. In order to find out more about how AccessData is helping organizations deal with cyber security threats, please take a moment to visit us here. And, if you don’t feel that your organization is prepared to deal with this initiative on its own, please contact our Professional Services department and allow us to assess your needs and provide managed security options.
To quote Special Agent Galligan one last time: “The cyber threat is too big for any of us to fight alone,” – especially when the stakes are so high for law firms.