Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
“The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had.” — Eric Schmidt
Eric Schmidt is trying to upset us. And his thought here warrants close attention because as a software engineer and the CEO of Alphabet (Google), he arguably understands the Internet about as well as anyone on planet Earth. It's a probe that does for the Internet what Marshall McLuhan's famous probes did for television in the 1960's: it shakes us up.
McLuhan used his probes to remove the blinders from our narrow, naïve thinking about electronic media so we could see where they were actually taking us: toward the electronically connected global village that we inhabit today.
Schmidt's probe does likewise for the Internet, with the difference that his vision is markedly darker than McLuhan's. It dispels once and for all the puffed-up and endlessly marketed notion of the Internet as an unmitigated blessing for humanity. It nudges us to look past all this hype so we can see the Internet for what it is: a mixed blessing at best, replete with promise and fraught with peril for humanity.
That's not an easy task. Most people feel uncomfortable being nudged in this way. Perhaps law firms especially.
But there's a reason why law firms might be prone to neglecting the Internet's downside. This has to do with the hyper-competitiveness of all business today — the relentless drive for business growth that's being fueled (of all things) by the Internet. In this heady atmosphere, law firms risk succumbing to the temptation — indeed, the seeming necessity — to exploit to the hilt the Internet's huge upside — its massive growth and profit potential — while neglecting its huge downside: its immense threats to data security.
For law firms, such neglect is exceedingly consequential, for it puts at risk core principles and capabilities that make possible the very practice of law. These include the fundamental tenet of attorney/client privilege and the indispensable ability to conduct sensitive M&A negotiations in absolute confidence.
Dilemma: Growth or Security?
To put it mildly, a dilemma arises here. And there arises also a challenge that may be put this way: In a digital age, does there exist a sweet spot between business growth and cybersecurity? A valid answer to this question requires, first, an awareness of the actual consequences of lax cybersecurity.
On this score we need look no farther than to the 2016 hacking of partner emails — specifically, a number of spear-phishing attacks — that led to the enormous data breaches of the elite New York firms of Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP. The stakes could hardly have been higher, for these firms, as the Wall Street Journal said, represent “Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations.”
Seven gigabytes of data were stolen. That's enough for tens or even hundreds of thousands of emails.
The three Chinese hackers recently charged with the hacks were smart. As targets, they chose partners whose practice areas included mergers and acquisitions and intellectual property.
The Chinese hackers are charged with using hacked data to make $4 million in profits from insider trading. That's bad. Worse yet is the possibility of hackers kidnapping M&A and intellectual property data and holding it hostage for huge ransoms. The worst-case possibility, as Fortune magazine reports, is that “the breach [of Cravath and Weil, Gotshal] took place as part of a larger initiative by the Chinese government.” See, http://for.tn/2pMY2W0.
Are Law Firms Taking Threats Seriously Enough?
So then, what's to stop breaches like these from occurring in 2017? Not nearly enough. In today's digital world there exist dozens of groups of expert hackers, be they Chinese or Russian, state agents, trained professionals or self-educated teens, that are entirely capable of doing to other firms what the Chinese hackers did to Cravath and Weil Gotshal.
And there exist dozens of law firms — including BigLaw firms — that aren't taking these hacker groups seriously enough.
At times, the legal profession's disregard of cybersecurity can be stunning. To take just one instance: the American Bar Association's 2015 Legal Technology Survey Report finds that nearly 40% of lawyers in the U.S. are using public Wi-Fi to access client data, but only 22% are using an encrypted connection.
All this raises the question of the actual state of law firm cybersecurity today. Several years ago, Jody R. Westby of the American Bar Association observed that “law firms have never been very good with technology, and now they are struggling, as breaches in firms have made headlines and clients increasingly are asking questions about their security programs.” “Cybersecurity and Law Firms: A Business Risk,” Law Practice Magazine, Vol. 39, No. 4 . Demand for data protection came, notably, from clients, not attorneys.
Recently, the 2016 Novitex and Association of Legal Administrators' (ALA) Report documented the extent of this neglect today. Based on a survey of hundreds of firms worldwide, the report found that “… law firms across the globe [are] primarily concerned with bolstering their business operations and financial viability above all else.”
The Report went on to say that “Only 8.4[%]of [800] firms [surveyed] were most concerned with reducing cybersecurity risk, compared to 7.8[%]of firms concerned with improving workflows. Around of half of those (4.1[%]) were also primarily focused on upgrading their technologies.”
These findings are alarming. In the long run, priorities like these one are invitations to trouble. There's a mantra going around these days that cybersecurity in a digital world isn't an IT problem, but a business problem. It's the right mindset, and it points the way to the sweet spot of data security as an actual driver of business growth.
Law Firm Response
Now let's see how law firms can strengthen their cybersecurity practices.
Belatedly, the legal profession is responding to market demand for data safety. Belatedly. Consider the ILTA Technology Review graphic of 2012:
As abysmal as these numbers are, what matters for our purposes here is the eight activities they measure. As an IT professional whose job it is to protect Chi Networks' customers from the downside of Internet anarchy, I see the need for these eight activities, in more comprehensive versions of them, to be as familiar to all members of a business as the rules of the road are to drivers. That's saying a lot. But in the digital world, computer security should be second nature.
My own updated and more comprehensive list of eight focal points for business protection looks like this:
So, will these eight steps, effectively implemented, make cybersecurity second nature for your colleagues? They won't. But they are solid steps in the right direction.
Conclusion
Eric Schmidt has it right. The Internet is an experiment in anarchy. It's taking humanity deeply and inexorably into a brave (and dangerous) new world of creative disruption on a global scale. That much we know for certain.
This awareness gives the legal profession in particular, as a primary guarantor of societal order, the responsibility of ensuring that data security becomes an actual driver of business growth. There's your sweet spot. If these words don't strike a chord, maybe six others will: Cravath Swaine & Moore, Weil Gotshal & Manges.
*****
Sanjiv Bawa is the CEO & founder Chi Networks in Chicago. This article originally appeared in Corporate Counsel, an ALM sibling of Internet Law & Strategy.
“The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had.” — Eric Schmidt
Eric Schmidt is trying to upset us. And his thought here warrants close attention because as a software engineer and the CEO of Alphabet (
McLuhan used his probes to remove the blinders from our narrow, naïve thinking about electronic media so we could see where they were actually taking us: toward the electronically connected global village that we inhabit today.
Schmidt's probe does likewise for the Internet, with the difference that his vision is markedly darker than McLuhan's. It dispels once and for all the puffed-up and endlessly marketed notion of the Internet as an unmitigated blessing for humanity. It nudges us to look past all this hype so we can see the Internet for what it is: a mixed blessing at best, replete with promise and fraught with peril for humanity.
That's not an easy task. Most people feel uncomfortable being nudged in this way. Perhaps law firms especially.
But there's a reason why law firms might be prone to neglecting the Internet's downside. This has to do with the hyper-competitiveness of all business today — the relentless drive for business growth that's being fueled (of all things) by the Internet. In this heady atmosphere, law firms risk succumbing to the temptation — indeed, the seeming necessity — to exploit to the hilt the Internet's huge upside — its massive growth and profit potential — while neglecting its huge downside: its immense threats to data security.
For law firms, such neglect is exceedingly consequential, for it puts at risk core principles and capabilities that make possible the very practice of law. These include the fundamental tenet of attorney/client privilege and the indispensable ability to conduct sensitive M&A negotiations in absolute confidence.
Dilemma: Growth or Security?
To put it mildly, a dilemma arises here. And there arises also a challenge that may be put this way: In a digital age, does there exist a sweet spot between business growth and cybersecurity? A valid answer to this question requires, first, an awareness of the actual consequences of lax cybersecurity.
On this score we need look no farther than to the 2016 hacking of partner emails — specifically, a number of spear-phishing attacks — that led to the enormous data breaches of the elite
Seven gigabytes of data were stolen. That's enough for tens or even hundreds of thousands of emails.
The three Chinese hackers recently charged with the hacks were smart. As targets, they chose partners whose practice areas included mergers and acquisitions and intellectual property.
The Chinese hackers are charged with using hacked data to make $4 million in profits from insider trading. That's bad. Worse yet is the possibility of hackers kidnapping M&A and intellectual property data and holding it hostage for huge ransoms. The worst-case possibility, as Fortune magazine reports, is that “the breach [of Cravath and
Are Law Firms Taking Threats Seriously Enough?
So then, what's to stop breaches like these from occurring in 2017? Not nearly enough. In today's digital world there exist dozens of groups of expert hackers, be they Chinese or Russian, state agents, trained professionals or self-educated teens, that are entirely capable of doing to other firms what the Chinese hackers did to Cravath and
And there exist dozens of law firms — including BigLaw firms — that aren't taking these hacker groups seriously enough.
At times, the legal profession's disregard of cybersecurity can be stunning. To take just one instance: the American Bar Association's 2015
All this raises the question of the actual state of law firm cybersecurity today. Several years ago, Jody R. Westby of the American Bar Association observed that “law firms have never been very good with technology, and now they are struggling, as breaches in firms have made headlines and clients increasingly are asking questions about their security programs.” “Cybersecurity and Law Firms: A Business Risk,” Law Practice Magazine, Vol. 39, No. 4 . Demand for data protection came, notably, from clients, not attorneys.
Recently, the 2016 Novitex and Association of Legal Administrators' (ALA) Report documented the extent of this neglect today. Based on a survey of hundreds of firms worldwide, the report found that “… law firms across the globe [are] primarily concerned with bolstering their business operations and financial viability above all else.”
The Report went on to say that “Only 8.4[%]of [800] firms [surveyed] were most concerned with reducing cybersecurity risk, compared to 7.8[%]of firms concerned with improving workflows. Around of half of those (4.1[%]) were also primarily focused on upgrading their technologies.”
These findings are alarming. In the long run, priorities like these one are invitations to trouble. There's a mantra going around these days that cybersecurity in a digital world isn't an IT problem, but a business problem. It's the right mindset, and it points the way to the sweet spot of data security as an actual driver of business growth.
Law Firm Response
Now let's see how law firms can strengthen their cybersecurity practices.
Belatedly, the legal profession is responding to market demand for data safety. Belatedly. Consider the ILTA Technology Review graphic of 2012:
As abysmal as these numbers are, what matters for our purposes here is the eight activities they measure. As an IT professional whose job it is to protect Chi Networks' customers from the downside of Internet anarchy, I see the need for these eight activities, in more comprehensive versions of them, to be as familiar to all members of a business as the rules of the road are to drivers. That's saying a lot. But in the digital world, computer security should be second nature.
My own updated and more comprehensive list of eight focal points for business protection looks like this:
So, will these eight steps, effectively implemented, make cybersecurity second nature for your colleagues? They won't. But they are solid steps in the right direction.
Conclusion
Eric Schmidt has it right. The Internet is an experiment in anarchy. It's taking humanity deeply and inexorably into a brave (and dangerous) new world of creative disruption on a global scale. That much we know for certain.
This awareness gives the legal profession in particular, as a primary guarantor of societal order, the responsibility of ensuring that data security becomes an actual driver of business growth. There's your sweet spot. If these words don't strike a chord, maybe six others will:
*****
Sanjiv Bawa is the CEO & founder Chi Networks in Chicago. This article originally appeared in Corporate Counsel, an ALM sibling of Internet Law & Strategy.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.