Beyond Client Confidentiality: An Attorney’s Key to Protecting Sensitive Client Data
By: Mackenzie Blaisdell
In today’s world, client confidentiality goes beyond the customary non-disclosure regulations of attorney-client privileges; it comprises the cybersecurity measures a firm is willing to take to protect their client’s sensitive data, from basic confidential knowledge to major corporate trade secrets. Breaches within this sector can have critical implications on acquisitions, mergers, and insider trading, which is why cybersecurity is becoming a vital topic within the legal sector. After all, the life’s blood of an attorney’s practice is client confidentiality.
Law firms are increasingly becoming a hacker’s target when attempting to obtain their clients’ sensitive information. If a cybercriminal is seeking to steal private knowledge from a certain organization, they may have more success targeting that organization’s legal team, which is why fortifying one’s network with advanced prevention and early detection methods has become essential to significantly minimizing mass data theft and protecting an attorney’s prestige.
According to the 2016 ABA Legal Technology Survey Report, firms worldwide are facing increasing pressure to adopt stronger cyber risk policies. The survey revealed that 30.7 percent of all law firms, and 62.8 percent of firms of 500 lawyers or more, reported that current or potential clients provided them with security requirements. This demand indicates a growing need for elevated and more reliable threat detection within the legal community.
Despite the increasing demand for improved threat detection and response capabilities, only 17.1 percent of firms have an incident response plan in place to remedy a security breach, and only 50 percent of firms of 500 lawyers or more have such a plan in place. With the increasing volume and complexity of information security threats, law firms must make significant strides towards addressing these threats or risk being a weak link that leads to an undesirable data breach.
In March of 2016, The Wall Street Journal released a story detailing a number of successful breaches against a handful of the most well-esteemed firms across the country. These firms held clientele of the largest Wall Street banks and Fortune 500 companies in all sectors.
As this knowledge surfaced, research commenced to estimate the prevalence of such attacks. A survey including over 200 law firms found that between 2016 and 2017, every firm had fallen victim to a breach attempt. Additionally, 40 percent of these firms were unaware of the attempted attack. Notably, it was found that attackers do not differentiate based on a firm’s revenue or size – all are equally subject to attempted attacks.
Given the number of attempted and successful breaches within this sector, law firms worldwide are looking to deception technology for the early detection of network intruders. Deception is fast gaining acceptance in recognition of its accuracy and efficiency in detecting in-network threats that have bypassed prevention and evaded other detection security controls.
Attivo Networks ThreatDefend™ Platform provides deception technology designed for efficient and scalable detection of advanced cyber threats targeting client information, third-party intellectual property, and critical corporate information assets. More specifically, the solution is not reliant on signatures and provides detection of attacker reconnaissance, stolen credentials, and active directory attacks, while providing automated attack analysis that can be used to accelerate incident response.
By creating an in-network deception environment, organizations change the asymmetry of an attack by outmaneuvering modern-day attackers and deceiving them into revealing their presence. One wrong move and the attacker’s presence is exposed and intelligence is gathered, empowering organizations to immediately shut down the attack. The ThreatDefend platform has become the solution of choice for many law firms based on its simplicity to deploy and manage as well as its flexibility to fit firms and departments of all sizes and varied IT resources.