As pressure to strengthen defenses

As pressure to strengthen defenses against security breaches increases, organizations are in a race against the clock to shore up their resistances. Given the likelihood of an impending hack on the treasure trove of sensitive data they handle, this risk is further exaggerated for law firms.
On a scale of one to 10, the risks law firms are facing are an 11, according to Daniel Solove, professor at George Washington Law School and organizer of the Privacy + Security Forum. Underscoring this urgency is data from Mandiant, a division of FireEye, which finds that 80 of the 100 biggest law firms in the U.S. have been hacked since 2011 (see infographic on next page.)
Law firms have become a bigger target for cybercrime due to two main factors, according to Jeffrey Norris, CISSP, senior director of information security at LexisNexis.
First, “The criminal element has performed direct attacks on organizations at a growing pace going back to at least 2012. During these past few years the attacks continue, but it's now becoming understood that it’s easier to go after a third party to gain access to these organizations,” Norris explained in an interview with Legaltech News. “If you look at the analysis of data breaches, such as Target and Home Depot, and the resultant communications by the FFIEC on management of third-party service providers, the spotlight has swung towards law firms due to security concerns of how they handle the data they’re entrusted with.”
Second, law firms handle sensitive data—intellectual property, corporate transactions, mergers and acquisitions and lawsuit data—that could also contain personal data. “It becomes a realization they may have a treasure trove of data outside of the primary organization that’s being targeted,” Norris said.
Those sentiments have been echoed by the New York State Department of Financial Services (NYFDS) and others, which view law firms as a secondary access point for criminal activity due to the volume and sensitivity of data they deal with, he added. Based on a report released earlier this year about the cybersecurity vulnerabilities faced by financial institutions, NYFDS Superintendent Benjamin Lawsky signaled that the agency will soon move forward with cybersecurity regulations. The report concluded that banks’ third-party vendors—including law firms—have significant potential cybersecurity vulnerabilities.
In the report, Lawsky noted that “banking organizations appear to be working to address the cybersecurity risks posed by third-party service providers, although progress varies depending on the size and type of institution.”


Read more: http://www.legaltechnews.com/id=1202734714224/Heightened-Risk-of-Cyberattacks-Puts-Pressure-on-Law-Firms-to-Bolster-Defenses#ixzz3joSlU76v