Law firms generally carry a lot of personal information about previous and ongoing clients. As a matter of fact, the data that a law firm has on its clients is uniquely filtered and specific.
Why should a hacker go through the trouble of gaining access to a large corporation with its various defence-in-depth strategies, then search for and filter through terabytes of data to find relevant valuable intellectual property or PII, when the really important data has been sent to their law firm?
With a smaller footprint and smaller budget, law firms typically do not have an adequate cyber security practice in place beyond a simple firewall and antivirus software. Easy pickings.
According to a Data Protection Report, 45% of large businesses in Canada report having been breached in 2019, a staggering jump from 24% in 2018.
A lot of Canadian law firms are overconfident when it comes to information security, and yet a recent study from the American Bar Association illuminated some troubling statistics.
The study indicated that 26% of firms have reported a breach and a notable 19% of firms do not know whether or not they have been breached. This is a clear indication that firms should be cracking down on their information security in order to avoid forking out millions of dollars to the clients who were affected by a data breach. Another finding in the study that supports this point is the fact that only 35% of firms are taking security actions, which is a decrease from 38% the year before!
So we know that law firms are vulnerable, but what ARE the consequences?
Let's take a look at the results of a couple of recent breaches at law firms.
DLA Piper, one of the biggest law firms in the world, was attacked on June 27, 2017. The firm was hit with a ransomware attack that infected hundreds of thousands of computers across their platform. The attack cost the company millions of dollars.
Appleby, a major offshore law firm based in Bermuda, has confirmed that it suffered a data security incident in 2016 that resulted in some of its data being compromised.
As you can see, these are some very big companies that lost millions of dollars due to cyber attacks. These attacks are also from a couple of years back, and attacks have become a lot more prevalent and dangerous since then. Attackers prefer to attack smaller businesses because their security postures are generally a lot weaker.
TeamCISO was formed in 2015 by a group of cybersecurity practitioners with experience in large enterprises. Our mission is to bring those frameworks and practices to small and medium businesses to help them get and stay cyber secure.
Our team can help you assess your current information security and privacy controls to ensure that you are doing your due diligence in managing your corporate risk profile.
If any gaps or vulnerabilities are discovered, our team will document them and define a roadmap to remediation.