The secret is out: law firms make attractive targets because they hold large volumes of privileged client information. High-profile cyber-attacks such as the Panama Papers incident have made information security a top priority in the C-level executive suite.
Traditional security approaches and perimeter defenses, however, are no longer sufficient. Over the past few years, fundamental changes in how firms conduct business and how malicious attacks are orchestrated have changed the game. These changes include:
- Phishing attacks. Attacks involving stolen credentials can easily penetrate even the most security-savvy firm in minutes. Their low-cost, high-reward potential makes them the dominant mode of attack.
- Malicious insiders. There has been an increase in cases where insiders familiar with the workings of the firm have pilfered privileged information slowly and imperceptibly for personal gain.
- Outsourcing. To be competitive, firms outsource work to third parties. From partners for eDiscovery or contract review to the outsourced help desk, it’s not uncommon to have tens of hundreds of external users accessing the firm’s network with valid credentials.
- Mobility. The benefits of mobility and round-the-clock productivity are too compelling to ignore. Different device types make it difficult for IT teams to exercise control.
- IoT. The Internet of Things (IoT) opens networks up to yet another huge class of devices that the firm has little visibility or control over. These devices are internet-enabled and can be used as portals to launch attacks.
A New Approach Is Needed
The consensus is clear: the traditional security stack must be augmented by a new toolset built to protect information in situations where the threat actor has not only compromised the network perimeter but has also obtained control over one or more endpoints and is about to launch a zero-day attack. CIOs and CSOs clearly understand this gap in the security stack and know that any security solution they purchase to address it must be able to do the following:
- Work under the assumption of a breach. The solution must be able to immediately detect and neutralize threats where the perpetrator is an insider or external party that has already compromised the network using stolen credentials.
- Reduce false positives. The biggest impediment to the success of information security programs continues to be the cost of investigating a high number of false positives. Solutions must go beyond the capabilities offered by traditional security tools by analyzing contextual information deep within key applications to unambiguously communicate user intent. Tracking network traffic abnormalities, irregular application access patterns or endpoint device activity, or relying on threshold-based alerts, results in a high number of false positives because these signals lack context.
- Intelligently interpret variation in behavior. Users in professional services firms work differently both across and within practice areas. High performers work across a significantly higher number of clients and matters than associates, for example. Tools must be able to intelligently differentiate between variation in behavior that is legitimate and variation that indicates risk.
- Predict high-risk events that are unique to professional services firms. Departing professionals represent a unique risk, as they often carry privileged client or firm information with them. The ability to monitor a group of professionals who have given notice as well as the ability to predict professionals who are most likely to depart makes a significant impact on mitigating risk.
- Learn continuously. Professionals exhibit considerable variation in behavior over time that is entirely legitimate: promotions and new work assignments are often accompanied by substantive changes in information access patterns. Continuous learning ensures that the system is able to learn and adapt automatically as the firm changes.
Protecting client data from cyber-attacks is no longer a matter of simply “securing the perimeter.” Law firms know that traditional security measures must be augmented to protect information not only where the network perimeter has been compromised but also where an individual now has access to critical data. Learn more about how iManage enables firms to protect their clients’ data.
Authored By: Aaron Rangel, iManage