Much like a poker player in Vegas, hackers play the odds. Some play the low stakes tables, going after small to mid-sized businesses (SMBs) and taking advantage of easily accessible exploits, while others sit at the high stakes table, awaiting the perfect flop. When you look at the numbers, breaching a law firm is that perfect flop: one entry point gains access to hundreds, if not thousands, of confidential documents that can be sold or used for financial gain.
Hackers are breaking into the computer networks of law firms at an accelerating pace — so much so that the FBI issued an alert to law firms earlier this year warning them about the uptick in breach attempts. Trade secrets, undisclosed mergers, acquisitions and legal strategies are all prized by hackers who sell this information to the highest bidder. While many firms remain tight-lipped over security breaches due to the sensitive nature of the data and the potential damage to their reputation, it is not a problem that will go away on its own.
Beyond the Perimeter
As FBI Director James B. Comey told 60 Minutes, “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked.”
Law firms both big and small are no exception — one recent report found that one in four law firms has been the victim of a data breach. The security realm is an arms race between those trying to find new exploits and those trying to prevent them, and much like a game of leapfrog, there is often no clear leader.
In the midst of this crisis, managed service providers (MSPs) and managed security service providers (MSSPs) can find opportunities to offer law firms the most advanced protections that the market has to offer. Law firms might be sized like SMBs, but they require — and should be willing to accept — as close to enterprise-grade protections as they can afford.
The Three Extra Protections Every Law Firm Needs
As opposed to consumer brands where trust may be regained, the stakes are much bigger for law firms, which may suffer irreparable damage to their reputation after a breach. While features like firewalls and data backup and recovery remain essential, the landscape has continued to evolve and managed service providers cannot stop there if they want to attract customers from the quickly ripening legal field.
This shift is evident in many of the latest security technologies, which no longer aim to simply create an impenetrable border, but rather continually work to test for vulnerabilities, detect breaches and anomalous behaviors and react to breaches faster than ever before.
Vulnerability Identification and Penetration Testing
The fact remains that perimeter security is absolutely necessary. But once you have your firewalls, web filters and other tools in place, how do you know they're not full of gaps?
Penetration testing has been around as long as there have been networks to secure, and new pen test technologies have appeared that make use of the cloud and other recent advancements to ensure a secure perimeter. While you might provide legacy penetration testing tools for your customers, they may not provide the security they once did. Legacy penetration testing often provides a snapshot of your perimeter security at a single given point in time. This sort of penetration testing often occurs on a schedule, leaving security gaps when the environment changes but remains untested.
Modern technologies, however, offer continuous monitoring and penetration testing, among other features, to ensure the network is free from known vulnerabilities. Instead of simply testing periodically against individual scenarios, cloud-based pen tests can run innumerable scenarios simultaneously to make sure defenses are up to snuff.
As Dark Reading’s Tim Wilson recently noted in examining the changing security landscape, “enterprises’ broader shift to technologies that are outside the IT department’s span of control — including cloud services and user-owned mobile devices — has virtually shattered the perimeter defense concept and forced the security team to spend most of its time searching for threats that have already penetrated the organizational walls.”
Even the best perimeter security cannot stand up against all threats, especially those from the inside. Perimeter security is meant to keep out those who don't belong while letting in those who do. The problem now is that stolen credentials remain one of the primary attack vectors. Modern breach detection software uses big data and machine learning to detect anomalous behavior — including that of known and privileged users — inside a network and alerts administrators immediately. The average attacker stays hidden within a network for some time, undiscovered, exploring and identifying the most valuable information before ever leaving with data. Many breaches could be prevented if the company were aware of the intrusion earlier, and breach detection provides just that insight. The simplest way for a law firm to repair its good name when it comes to information security is to stop a breach before it occurs.
Incident response is no longer simply a pager going off to wake up a groggy IT guy to investigate a breach. Much like breach detection and pen testing, incident response software has benefited from powerful computing and machine learning to act faster with more precision than its predecessors. Just as breach detection analyzes network traffic to identify anomalous behavior, incident response can monitor data access, financial transactions, and other high value activities and take action when something doesn’t look right.
Until recently, this sort of technology might not have moved fast enough, but with cloud computing, financial transactions can be analyzed quickly enough to be stopped mid-transaction if something is detected. It is yet another example of how cloud computing enables smaller companies like law firms to enjoy enterprise-grade protections.
As the old saying goes, where there is crisis, there is opportunity, and today’s law firms need the stiffest protections they can afford. MSPs and MSSPs have an opportunity to arm themselves with best-of-breed technologies in breach detection, incident response and vulnerability identification and penetration testing, and, as experts in the latest effective measures, can in turn win long-term legal customers.