Sensitive Information: The legal services industry and cybersecurity
How safe is your data? Moreover, how safe is the data you gave to a prestigious law firm tasked with representing you in a lawsuit you filed as a victim of a data breach? The short and somewhat confusing answer is – not very. In March 2023, cybercriminals breached the law firm of Orrick, Herrington & Sutcliffe which represents organizations that have been with security incidents. Hackers managed to steal personal data of over 638,000 people. The firm eventually paid out $8 million to settle class action lawsuits related to the now infamous breach.
Sadly, this story is only one example of a growing threat to the legal services industry – cybercrimes. Much like the financial services and healthcare industries, cybercriminals have begun to target law firms with increasing frequency. Law firms often retain incredibly sensitive information that make them targets of cyberattacks. Information such as personal information, financial records, trade secrets and law strategies make for valuable treasure. According to a recent survey, one in five U.S. Law firms were targeted in a cyber-attack. Law firms face an average ransom demand of $2.5 million, globally.
What could happen
Shook Lin & Bok – In April of 2024, the Singapore based law firm reported a data breach of sensitive customer data. This was a ransomware attack. According to multiple sources, the firm paid the attackers roughly $1.8 million.
Grubman Shire Meiselas & Sacks – In May 2020, the law firm, which offers legal services in the entertainment and media industries, was hit with a ransomware attack. The attackers initially leaked information involving Lady Gaga with the threat to release more information if their ransom was not paid.
Moses Afonso Ryan Ltd – The small sized Providence firm was hit with a ransomware attack back in June 2016. The attack shut down the firms systems and prevented the lawyers from performing critical tasks. Although they ultimately paid a $25,000 dollar ransom, the firm estimates it lost close to $700,000 in billings. The attack started with a lawyer clicking on an infected email attachment.
Why is this unique?
What makes the legal sector unique is the reported sophistication of the attacks. The number one type of attack on law firms is ransomware. Ransom demands against law firms can be 5 times higher than the average ransom demand across other industries. According to the Wisconsin Law Journal, Some 60% of law firms hit with a cyberincident identified the sophistication level of the attacks as the biggest challenge in reducing risk.
Why hire WarCollar?
Experience: We have offered offensive and defensive cybersecurity and intelligence analysis solutions since 2015. Our team of experts works with you to solve the toughest challenges in the ever-evolving digital landscape.
Penetration Testing: We use real-world tactics, techniques, and procedures to create cyber-attack simulation to test the effectiveness of your IT security defenses, policies, and staff.
Risk Assessment: We provide comprehensive assessments that identify vulnerabilities, evaluate potential threats, and measure their impact on your business. Our process delivers clear insights into your security posture and actionable recommendations to reduce exposure and strengthen resilience.
Compromise Assessment: Our skilled team provides high-level investigations using advanced tools to identify ongoing or past attacker activity in addition to identifying existing weaknesses in controls and practices. Our assessment will help reduce the security risk of attackers stealing financial assets, customer data or intellectual property.
