Cybersecurity

Law firms have access to a wealth of sensitive material, given that everything from mergers and acquisitions to contracts, SEC filings and more happens with the input of legal counsel. But law firms also have traditionally been underinvested in their security posture compared to similarly-sized organizations in other industries, making them an easy target for advanced cybercriminals. Findings of the American Bar Association's "2019 Legal Technology Survey Report" revealed that over a quarter of respondents (26%) said a security breach has hit their firm, a number that has grown 12% in three years.

There are a number of reasons that contribute to the increased threat law firms face, but fortunately, there are some ways to protect that valuable, private data within. Let's take a look.

|

Why Firms Present a Tempting Target

Law firms, like so many paper-heavy industries, were happy to adopt digital archiving and data storage. However, e-discovery systems expose law firms and their clients to threats in emails, PDFs, spreadsheets and other documents. Attackers can exploit malware in these files to gain a foothold in the law firm's network.

Once inside, attackers steal client data for insider trading, resale, alteration or even destruction, depending on their motives. Law firms can also be a conduit to their client's networks. If an attacker has been unsuccessful at penetrating the client's network, he or she can exploit vulnerabilities in the law firm's network as another potential avenue.

Attack prevention isn't enough; law firms should assume a breach has already occurred. Attackers can easily breach perimeter defenses and establish residency within a firm's networks, gradually moving laterally towards critical targets at their own pace.

Most attack campaigns remain undetected on a network for weeks, if not months, until they arrive at the proper time and position to steal the information they came for—or in the case of ransomware, take control over target systems. This "living off the land" approach is a slow-burning, lurking attacker that should be kept in mind when identifying and stopping threats; no amount of detection lag-time from breach beachhead to discovering an intruder's presence should be acceptable.

The longer attackers dwell in a network, the more likely they are to create damage and chaos. So, detecting and stopping attacks as early as possible after a breach is important to tip the scales in a law firm's favor and block lateral movement towards critical data. Unfortunately, today's typical security solutions are not effective at detecting resident threats. The best way to definitively confront such attacks is through inescapable deceptions placed all over an organization's network, so that the attacker's decision-making itself is disrupted as they attempt to move towards critical data repositories after a breach.

|

What Deception Technology Is and How It Helps

Deception technology seeks to mislead would-be data thieves by surrounding them with false information. To be an effective detection tool, deceptions must be authentic, undetectable and inescapable. To appear realistic, deceptions must be tailored to mimic real documents, emails, file shares and other components within each firm. Modern AI-based deception solutions automatically analyze your environment and design, deploy and manage custom-built deceptions—all with very little human effort.

Attackers interact with these deceptions, believing them to be real, and in doing so, reveal themselves. A high-fidelity alert is issued, and the detection platform then provides security teams with rich, real-time, forensic evidence of the attackers' location, actions and intent, speeding response and resolution. Incident responders can immediately see how far the attacker is from reaching key systems and thus have the contextual information needed to quickly remediate the situation.

One of the benefits of deception technology is that since only an attacker can trigger an alert, security teams know that every incident the deception technology generates warrants investigation.

For additional insight and forensics, integrate deception technology with other security solutions. That includes security incident and event management (SIEM), endpoint detection and response (EDR), and security orchestration, automation and response (SOAR) software. Integrations can be key to automating the forensic process. Having these integrations helps ensure that the threat detection capabilities can enhance the resolution capabilities of other technologies as well.

|

An Easy Security Upgrade

If law firms can't keep their client and internal data confidential, they won't last long. Cybercriminals know that the legal profession has traditionally under-invested in cybersecurity and are making the most of it, breaking into law firms' networks and staying as long as possible, stealing all the data they can before being detected. Deception technology gives law firms a demonstrable means of stopping attackers before they can access confidential data. Combined with other security solutions, deception technology provides data for stronger forensics and attacker insights. It enables firms to quickly detect and mitigate network threats, helping to keep your clients and their data secure.

 

Having pioneered deception-based cybersecurity, founder and CEO of Illusive Networks Ofer Israeli leads the company at the forefront of the next evolution of cyber defense. Prior to establishing Illusive Networks, Ofer managed development teams based around the globe at Israel's seminal cybersecurity company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical Quantum Mechanics. Ofer holds B.Sc. degrees in Computer Science and Physics from Ben-Gurion University of the Negev.