DLA Piper Isn't Alone — 40% of Law Firms Unaware of Breaches

By Ian Lopez
August 01, 2017

 

The DLA Piper attack has legal professionals paying attention, but cyber attacks on law firms are far from unique.

According to a recent report from IT security provider LogicForce, hacking attempts were made on over 200 U.S. law firms between 2016 and 2017, 40% of which didn't even know that they had been breached.

Titled “The Law Firm Cybersecurity Scorecard,” the report is the first of a quarterly effort by LogicForce intended to educate both law firms and the corporate legal departments that would hire them about the security issues impacting their industry. John Sweeney, president of LogicForce, says the results present “plenty of opportunities for corporate legal and law firms to get on the same page” with cybersecurity, and that there are “a lot of opportunities for law firms to tighten up their controls and get onboard with what their corporate clients are requesting.”

“We're finding some areas to be consistent across a wide variety of firms, both big law and small law, that it doesn't take a lot to improve,” Sweeney says. “We want to educate the industry on, 'Hey, you don't have to be spending millions upon millions of dollars to tighten up controls that your corporate clients want to see in order to secure your processes and keep up with your obligations to protect.'”

Indeed, many of the security issues found at the law firms surveyed were consistent. Despite the frequency with which breaches are linked to third parties (63%), the majority of law firms (80%) don't vet them. Similarly ubiquitous is law firms' lack of compliance with their own cybersecurity standards — 95% of firms weren't compliant with their own data governance policies; further, all of those firms also weren't compliant with their clients' policy standards.

The report also found that the types of threats facing law firms didn't vary much, although they occurred relatively often. Across the law firms surveyed, LogicForce found that there were about 10,000 network intrusion attempts daily, while there were about 1,000 invalid login attempts on a daily basis. Additionally, 59% of all emails were classified as phishing/spam emails, though these included what the report called “benign marketing annoyances” as well as emails that were “more malicious and costly.”

Phishing has been a significant cyber threat for years, playing a significant role in spreading the WannaCry attacks that impacted organizations across the world in May.

Discussing those attacks, Rob Silvers, a partner in Paul Hastings' cybersecurity practice, told our ALM sibling, Law Technology News, that phishing “is very common, and other ransomware strains rely on that same attack vector. So it's really important that companies double down on their counter-phishing training for their employees.”

And while he doesn't “like to blame the victims,” Silvers added, “There are measures that companies simply have to take to protect themselves and their shareholders and their business partners.”

Employee training is a commonly cited prevention measure for organizations; it appears among the “10 Basic Cybersecurity Measures” for reducing cybersecurity attacks, distributed as a joint effort between the U.S. Department of Homeland Security and the FBI. Speaking about the WannaCry attacks, Ed McAndrew, a cybercrimes prosecutor and data security lawyer at Ballard Spahr, says: “What it shows is you don't need to have the biggest security budget in the world. You need to employ basic cyber hygiene at the very least.”

Timothy Murphy, president of Thomson Reuters Special Services, explained on a June panel about law firm cybersecurity that firms can begin mitigating risks immediately at a moderate cost with high impact. Among his suggestions were figuring out what data needs to be protected, tightening security controls, patching operating systems and applications, and implementing two-factor authentication and encryption.

“This is the most significant threat this country, businesses and law firms face,” Murphy added.

***** Ian Lopez writes for Law Technology News, an ALM sibling of Cybersecurity Law & Strategy. He can be reached at [email protected].

 
