On 11/7, John Reed wrote for Foreign Policy’s Killer Apps blog on how lawyers are a weak link in the cybersecurity chain. We know that companies are targets of cyberespionage, and these companies have taken varying steps to upgrade their defenses. The problem is that these companies hire law firms, and these law firms don’t follow best practices and don’t fully understand the cyber risk. Because these law firms often hold their clients’ IP, hackers can essentially get around effective cyber defenses by targeting the more vulnerable law firms.
Reed quotes Richard Bejtlich, of cybersecurity firm Mandiant:
All the confidentiality and privacy tends to work against seeing what’s happening [on a network]. If you tell a law firm partner, ‘Oh yeah, we’re going to monitor your computer and see everything that’s coming to and from that and everything that’s on the hard drive’…that’s completely antithetical to their culture; it’s pretty much the perfect place to steal data from.
You can find the rest of Reed’s article for Foreign Policy here.
A few months back, Alan Paller had a great segment for Forbes on how vulnerable law firms are to cyberexploitation. Still love this quote from Paller on attorney tech training programs as a response:
It would be like training kids in defensive driving and then sending them out in a Volkswagen to drive in a trucker’s demolition derby.