Cyberthreats and ransomware remained a key topic of discussion at the recent ILTACON 2022 event in Washington D.C. This article covers some of the key themes and some practical suggestions to consider at your firm.
Ten years ago, most law firms did not have a Chief Security Officer or a dedicated senior IT security role. Law firms have since established dedicated resources and sophisticated controls as cyber threats, including ransomware, are at an all-time high. The upcoming ILTA 2022 Technology Survey highlights concerns about social engineering, malware and ransomware taking centre stage, ranked just behind themes such as cloud adoption and adoption of AI/ML.
Law firms of all sizes are an important target for threat actors. For example, a recent ABA Legal Technology Survey Report stated that one in four law firm respondents had experienced a cyberattack. And at least one in three global organisations said they were the victim of some form of ransomware attack in 2021, according to the IDC 2021 Ransomware Study. A PwC 2021 Law Firm Survey also reported that 90% of law firm respondents view cyber risk as the biggest threat to future growth.
Responding to this challenge, most law firms have established best practices for security policies. In addition, firms typically face client-mandated security requirements and audits for handling matters. Along with this come necessary controls such as multi-factor authentication, security awareness training, encryption (at the least for email and for removable media), secondary behaviour analytics tools and whitelisting. And law firms are striving to do even more to counter the ongoing threat of ransomware and related cyber threats through ongoing awareness and training.
Practical tips to stay cyber secure
Here are some suggestions based on several security-focused presentations delivered during ILTA, from panel discussions including C-level roles at law firms as well as the technology vendors represented at ILTACON focusing on security.
- Security is more than policy – Policies and compliance with standards such as ISO 27001 are important and often necessary in complying with client and insurance requirements. However, some firms have found that the policy does not always match reality. The advice is to test policy through practical assessments – ‘look over the shoulder’ of end users and administrators to develop awareness and validate compliance. Assessments, both internal and external, are powerful in helping to ensure alignment between controls at the infrastructure level and at the information security and policy level. This includes careful management of any exceptions to policy.
- Talk to your insurer – who is in control? – One large law firm's CIO at ILTACON referenced a situation where a firm encountered a ransomware attack and the cyber insurance provider essentially took control of the incident response. There were at least a few days when clients could not be contacted or informed. The lesson learned was that it is important to discuss with your insurance provider and/or insurance underwriter the protocols for response in the event of a cyber threat. Related to this, be clear on who has the authority, or delegated authority, to respond immediately to a threat. This could include an immediate shut-down of your network, and you may not have the time for a committee or board to get together and discuss it first.
- Are your backups safe? – More than one ILTACON security presentation and conference conversation referenced the importance of ‘immutable’ backups. This means there is assurance that a backup, once written, cannot be changed. Ransomware victims sometimes find that their backups are compromised and encrypted. Overcoming this requires some form of isolation or air gap between your backup solution and your operational environment or network. A suggestion is to avoid hosting the backup environment on virtual machines. This in turn can be supported with checksum and signature validation to provide assurance that your backup data has not been altered. Again, this can be supported through a practical assessment and testing.
- Leverage AI – Certain vendors offer artificial intelligence and machine learning frameworks that flag files which appear to have been changed by malware. These frameworks can monitor both backup and live source data, so that suspicious changes are surfaced before the data is backed up or replicated to protected storage.
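As an added illustration of the checksum and signature validation mentioned under the backup tip (this is example code, not material from the ILTACON presentations or from any vendor named in this article), the following Python script builds a SHA-256 manifest of a backup set, signs the manifest with an HMAC key that is assumed to be held outside the backup environment, and re-verifies the set later. The directory layout, file contents and key are constructed for the demonstration; a file overwritten after the backup shows up as modified, and a manifest edited to hide that change fails the signature check.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash files in 1 MiB chunks so large backup images fit in memory


def sha256_file(path: Path) -> str:
    """SHA-256 digest of one file, streamed from disk."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map each file's path (relative to the backup root) to its SHA-256 digest."""
    return {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def serialize(manifest: dict) -> bytes:
    # Canonical JSON so the same manifest always produces the same bytes to sign.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical manifest. The key is assumed to live outside the backup host."""
    return hmac.new(key, serialize(manifest), hashlib.sha256).hexdigest()


def verify_backup(backup_dir: Path, manifest: dict, signature: str, key: bytes) -> dict:
    """Re-check the manifest signature, then re-hash every file on disk against it."""
    result = {
        "signature_ok": hmac.compare_digest(sign_manifest(manifest, key), signature),
        "modified": [],
        "missing": [],
        "unexpected": [],
    }
    current = build_manifest(backup_dir)
    for rel, digest in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        elif current[rel] != digest:
            result["modified"].append(rel)
    result["unexpected"] = sorted(set(current) - set(manifest))
    result["ok"] = result["signature_ok"] and not (
        result["modified"] or result["missing"] or result["unexpected"]
    )
    return result


def demo() -> dict:
    """Constructed scenario: a small backup set, a file overwritten in place, and a forged manifest."""
    key = b"constructed-demo-key-real-keys-stay-off-the-backup-host"
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "matters").mkdir(parents=True)
        (backup / "matters" / "client-a.docx").write_bytes(b"constructed sample document A")
        (backup / "matters" / "client-b.docx").write_bytes(b"constructed sample document B")
        (backup / "db.sql").write_bytes(b"-- constructed sample dump\n")

        manifest = build_manifest(backup)
        signature = sign_manifest(manifest, key)
        clean = verify_backup(backup, manifest, signature, key)

        # One file is overwritten after the manifest was signed (constructed stand-in for encryption in place).
        (backup / "matters" / "client-a.docx").write_bytes(b"CONSTRUCTED-OVERWRITTEN-CONTENT")
        tampered_file = verify_backup(backup, manifest, signature, key)

        # The manifest is edited to match the overwritten file; the signature no longer verifies.
        forged = dict(manifest)
        forged["matters/client-a.docx"] = sha256_file(backup / "matters" / "client-a.docx")
        forged_manifest = verify_backup(backup, forged, signature, key)

    return {"clean": clean, "tampered_file": tampered_file, "forged_manifest": forged_manifest}


if __name__ == "__main__":
    for name, r in demo().items():
        print(name, "OK" if r["ok"] else "FAIL", r)
```

The point of the two failure cases is that the checksums alone only detect changes to files; the signature over the manifest is what stops an attacker with write access to the backup store from rewriting the manifest to match. That is why the signing key, and ideally the signed manifest itself, belong outside the environment the backup protects.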
Overall, having a layered or stacked approach to securing your data can reduce the risk and potential impact on your firm. With cyber threats becoming increasingly sophisticated, it is important to rely on more than one solution or vendor for areas such as endpoint protection, multi-factor authentication controls, retention locks, command authorization and more.
One security professional services provider at the conference, Nikec Solutions, published a useful guide on 20 tips to keep your business cyber secure and we encourage you to take a look.
Speak with your internal and external security experts about the layered approach and be aware of and prepared for the budget, resource, and planning implications.