100% have evidence of daily targeting by threat actors
BlueVoyant, a global expert-driven cybersecurity services company, has today launched its “Sector 17 – The State of Cybersecurity in the Legal Sector” report. It reveals that despite excellent standards of cybersecurity, 15% of a global sample of law firms showed signs of compromised networks. These compromises result from an overwhelming attack rate on law firms globally: 100% of law firms analyzed were targeted in attacks by threat actors.
The detailed analysis of cybersecurity in the legal sector undertaken by BlueVoyant analyzed thousands of law firms worldwide between January and March 2020. These results were compared with companies in the 16 sectors defined as critical to securing national infrastructure, resources, and resiliency by the Department of Homeland Security. BlueVoyant contends that the legal sector should be designated as “sector 17” due to the high-value data law firms contain and their role as arbiters and safekeepers of public trust.
The study revealed that 100% of law firms have been subject to targeted threat activity. This is not surprising given the sector’s estimated worth of nearly $1 trillion, which makes it a prime target for financially motivated attacks, and given law firms’ handling of sensitive information. This month alone, 193 law firms were exposed in a massive data breach due to an insecure database, and the NY law firm GSMLaw was victimized by a ransomware group that is now threatening to release sensitive information about the firm’s roster of celebrity clients, including President Trump.
The investigation revealed the most common attack methods across the sector’s threat landscape. These included criminal pursuit of sensitive financial information and PII, extortion (non-ransomware), ransomware, third-party risks, password breaches and insider leaks, and hacktivism. It also analyzed how the Dark Web has expanded the attack surface by giving illicit actors a place to share and use information sourced from cyber-attacks, and provided examples of how this information can be used to conduct ransomware attacks and subsequent breaches.
Jim Rosenthal, CEO, BlueVoyant, commented: “The stakes could not be higher. While the legal sector is performing well in comparison to the other 16 sectors, attacks against law firms constitute some of the most sensational and damaging cyberattacks in history. We have already seen how recent incidents can cause substantial geopolitical fallout, not to mention tremendous direct and indirect financial repercussions for law firms.”
Furthermore, detailed analysis into 20 law firms, including an examination of defense metrics, inbound threat targeting and evidence of compromise, revealed that 15% of these firms were likely to have been compromised based upon strong evidence of suspicious traffic – and many more (almost half) showed signs of suspicious activity, including malicious proxy use.
Rosenthal added: “Threat actors are aggressively targeting law firms, and they are doing so daily. Threats against law firms are high volume, multi-faceted, and organized; threat actors use multiple sophisticated tools and techniques; and, notwithstanding industry-leading efforts, law firms have been successfully compromised.”
BlueVoyant recommends that law firms benchmark existing cybersecurity best practice against its recommended ten steps to mitigate future attacks. Further strengthening the sector’s defense against potential compromises is more crucial than ever because of how information obtained in a compromise can subsequently be used.
Rosenthal concludes: “These findings are designed to support and empower law firms globally. By recognizing the legal sector as critical to national and international defense and infrastructure, BlueVoyant aims to put a spotlight on measuring and improving cybersecurity across the industry.”
To download BlueVoyant’s “Sector 17 – The State of Cybersecurity in the Legal Sector” report, visit https://www.bluevoyant.com/sector-17-bluevoyant-legal-sector-report.