Tuesday, March 09, 2010

Law Firms Increasingly the Victims of Espionage

Law firms are one of the latest targets of alleged cyber espionage from China and others interested in obtaining information on clients or litigation that involve their interests:
"Law firms are attractive targets for cyberattackers because they maintain sensitive client information on their systems, according to attorneys and technology consultants. Perpetrators may be digging for litigation strategies, negotiation tactics, details on pending deals, or other specific information that could aid governments, competitors, or other entities. The bulk of cyberattacks originate overseas, with China leading the pack..."
Law firms are at high risk both because of the sensitive nature of the information they possess and because they don't understand the threat or how to protect themselves. From an adversary's perspective, they are high-value targets with a high potential for a successful attack and a low risk of being caught.

Understanding the exact extent of law firm intrusions is difficult due to ignorance or fear of reputational damage:
"Often, law firms never figure out on their own that their networks have sustained serious breaches, largely because... attacks are designed to be difficult to detect. Most firms learn of network security problems from third parties, often law enforcement authorities..."

"Law firms often fear that disclosing such a breach may prompt their clients to take their business to a competing firm, even though that competing firm likely has no better capacity to protect the client's information..."

