Legaltech news (sub. req.) reported that, last week, the Florida law firm of Shutts & Bowen successfully defended itself against the ransomware WannaCry before it encrypted any of the firm's data. In and of itself, this is not remarkable. Law firms are increasingly striving to protect their confidential data and to assure their clients that they have done so. Shutts & Bowen is a Florida law firm of more than 270 attorneys, according to its website.
As the firm notes, it has technology in place that quarantines spear phishing attacks almost every time. Since we now know that WannaCry was a worm, spreading on its own rather than through phishing e-mail, the firm must have had other measures in place to protect against it.
The specifics are less important than the firm's obvious focus on cybersecurity. Last year, Shutts hired a full-time cybersecurity expert and joined the Legal Services Information Sharing and Analysis Organization, or LS-ISAO, which shares information about cyber threats among member law firms.
The firm hired a cybersecurity consulting company to carry out a mock cyberattack to reveal vulnerabilities at the firm. At firm offices, the company dropped USB drives with labels such as "associates salaries" and "payroll." The drives held a program that, when plugged in, would alert the consultant that it had infected the system. In our parlance, this is called "baiting," and it is remarkable how many people fall for it.
The company also conducted mock spear phishing attacks. The consulting firm sent an e-mail purporting to be from a managing partner to a specific person in payroll requesting a list of all the firm's W2s. While no one fell for the "dropped" USBs (employees turned them in), the W2 e-mail almost worked, and a few click-on-the-link mock virus attacks got through. The firm later used the findings of the mock attack in firm-wide employee training sessions. And, laudably, the firm does these trainings annually.
Larger firms like this one are increasingly turning to the sort of measures described in the article; now we need to "spread the gospel" to smaller firms.