Page 32 - Cyber Warnings December 2015







By extension, I started to think about the legal realm and something that is kind of an ill-kept secret
in the security profession. Law firms have become vast repositories for very sensitive information
and, as a result, are incredibly likely targets for attack by hackers. However, the big news about
information breaches and compromises centers on well-known, big-name corporations. If law firms
are such likely targets, doesn’t it stand to reason that they are being attacked?


The answer, not surprisingly, is yes. Earlier this year, the New York Times cited a Citigroup report
which claimed “The unwillingness of most big United States law firms to discuss or even
acknowledge breaches has frustrated law enforcement and corporate clients for several years.”
This reluctance to talk about breaches makes it nearly impossible to gauge whether these kinds of
attacks are on the rise, the report acknowledged. However, the message is clear that it’s an issue
firms should take seriously.

The lesson: While breach notification laws currently vary by state, it’s only a matter of time before
an overarching regulation is adopted on a federal scale. The days of law firms hiding breaches from
the public are bound to come to an end, especially if a large firm is discovered to be a breach
victim.

For some reason, lawyers and their firms either won’t admit or don’t believe that they are vulnerable
to an attack. The time has come for them to understand that the data they retain is of tremendous
value on the black market. Logically, that means somebody, somewhere will try to steal it. Law
firms must take seriously the protection of their clients’ data. Just like the corporations they work
with, they need to seek the services of security experts to help defend against attack.

Every breach in the news has some lesson that other organizations can learn, if they are willing to
listen and admit they have a problem. By the time the truth of the breadth and the depth of the
incident eventually comes out, the poignancy of the lesson has often passed us by, but it’s still there
and should be heeded. After all, the best mistakes to learn from are those other people have made.
It’s less painful that way, but still just as effective.

About the Author

Chris Pogue has more than 15 years’ experience and 2,000 breach
investigations under his belt. Over his career, Chris has led multiple professional
security services organizations and corporate security initiatives to investigate
thousands of security breaches worldwide. His extensive experience is drawn
from careers as a cybercrimes investigator, ethical hacker, military officer, and
law enforcement and military instructor. In 2010, Chris was named a SANS
Thought Leader.









Copyright © Cyber Defense Magazine, All rights reserved worldwide
