Thanks to Dave Ries to sending along this story from the PIttsburgh Tribune Review. You'll find a nice thumbnail of Dave holding a Pineapple. And if you don't know what that is in the cybersecurity world, shame on you!
As the story reports, cybercriminals have intensified their attacks on law firms because law firm corporate clients have shored up their defenses. K&L, one of the largest global law firms has an office in Pittsburgh. K&L spokesman Mike Rick acknowledges the attacks on his firm but believes that the firm's highly advanced security and monitoring measures have kept client data safe.
“Law firms are a rich target,” said Patrick Fallon Jr., the FBI's assistant special agent in charge of the Pittsburgh field office. “They don't have the capabilities and the resources to protect themselves. Within their systems are a lot of the sensitive information from the corporations that they represent. And, therefore, it's a vulnerability that the bad guys are trying to exploit, and are exploiting.”
It is certainly true that most law firm do not have the resources of a K&L Gates. Most firms do not have "highly advanced security and monitoring measures."
“Protecting against state-sponsored hackers is a big undertaking, and many firms have not devoted adequate resources to address this threat,” said Thomas Hibarger, manager of Stroz Friedberg, a global business intelligence, investigations and security risk management company based in N.Y. “Nation-state hackers are very, very sophisticated and targeted in their approach, and it is likely they will succeed."
Lawyers are sometimes astonished to learn that there is a lively trade in stolen legal data. The information — corporate financial reports, “secret sauce” recipes for software, industrial designs and CEO emails — can end up for sale on anonymous black market websites, said Daniel Garrie, founding editor of the Journal of Law & Cyber Warfare, a peer-reviewed publication based in New York City.
“Law firms represent, in today's information security environment, the easiest and richest target to go after,” Garrie said.
But this was my favorite Garrie quote: “Law firms have no incentive to protect themselves from being attacked because, to date, there has been no meaningful financial impact to the law firms' bottom line.”
When breaches hit firm pocketbooks, the lawyers will awake in a hurry. And make no mistake about it, if a big firm suffers a major breach, it could be a crippling - even fatal- event.