Wednesday, February 8, 2012

Information Risk Threats: Law Firms Increasingly Targeted by Hackers

Following yesterday's update about the growing adoption of the ISO 27001 information security standard by law firms comes renewed news about external attacks on firms: "China-Based Hackers Target Law Firms to Grab Secret Deal Data."

The issue is serious: the FBI convened a meeting of the top 200 firms a few months ago. As the head of the FBI’s New York cyber division summed up the threat: "As financial institutions in New York City and the world become stronger, a hacker can hit a law firm and it’s a much, much easier quarry."

She noted that of the firms in attendance: "Some were really well prepared; others didn’t know what we were talking about," and that firm culture and related factors make law firms a "soft" target for attackers.

The article mentions several law firm hacking incidents:
  • "...the hackers rifled one secure computer network after the next, eventually hitting seven different law firms as well as Canada’s Finance Ministry and the Treasury Board..."
  • "In one recent case, a corporation was negotiating to open a major plant in China when the law firm helping with the deal was hacked…"
  • "Similarities between the Canadian attack and other recent intrusions at U.S. law firms suggest that cyberattacks on attorneys are now part of the hacking playbook for gathering sensitive information on corporate clients…"

Given these threats, it’s no wonder that many firms are seeing more stringent client mandates about how sensitive information is stored, accessed and protected:
  • "'If clients start thinking they can’t give private information to their lawyers because it might get out, it’s a huge problem for the profession,' said Richard Goldberg, a former software programmer and lawyer in Washington involved in the data security issue. 'The whole system will start to fail.'"
