Brace for Breaches: Report Finds Cyberthreats to Legal Industry to Grow in 2016 by Ricci Dipshan, Legaltech News

11/03/2016 09:30

The surge in ransomware and spear phishing attacks in 2015 will continue this year with a focus on the legal industry’s sensitive data, according to a report by TruShield

The legal industry will increasingly come under siege this year, as cybercriminals eye its data and information and revel in its underdeveloped security infrastructure, according to a report by cybersecurity firm TruShield.


The company’s “2015 Annual Cyber Threat Intelligence Report,” which documents the evolution of cyberthreats since 2015, singled out legal businesses as ones that are at high risk for cyberattacks and breaches.


“Law firms are a valuable target to the bad types,” warned Paul Caiazzo, principal and chief security architect at TruShield Security Solutions, Inc. “The attackers know law firms process highly sensitive information for their client, and a lot of the time … attackers also know that law firms and the legal industry in general lacks standardization on security program structures, controls, and oversight. This divergence can result in security weaknesses.”


The report noted that emails were one of the most vulnerable access points in legal companies, often lacking necessary security policies and protections, such as encryption.


TruShield also predicted that mid-sized law firms with between 50 and 150 attorneys will be the most targeted by cybercriminals looking to gain access to sensitive data. Most attacks, explained Caiazzo, will be focused on gaining access to the firm’s systems through their employees.


“We see law firms particularly being targeted a lot, with the focus on the attorneys themselves and a focus on the managing partner — really, anyone who has a public profile that is associated with the law firm,” he said.


This is mainly because, “in terms of the evolution of threats, what we have seen a lot of spear phishing and ransomware — ransomware particularly is all over the place right now,” Caiazzo added. “It’s been very effective all over the industry; it’s a common weakness where people are still susceptible to being phished.”


Caiazzo advised that firms “should be moving to protect themselves [and] start with standardization around security program structure. There are a number of very good frameworks out there, which law firms can use to perform gap assessments and begin prioritizing security remediation.”


But he also cautioned that even the most secure companies need to brace for breaches. “Firms should additionally recognize the fact that no matter how good you are, it's impossible to be perfectly secure. At some point in time, the bad guy is going to get it right that one in a million times, and the difference between a simple fix and a major data breach is entirely dependent upon how quickly it is detected. … We believe you need monitoring 24 hours a day, seven days a week to really identify threats in the network.”
