Law firms are often the soft underbelly of an organisation’s sensitive data…:
[…] Commenting on the latest cyber attack targeting Grubman Shire Meiselas & Sacks, Ilia Kolochenko, founder & CEO of ImmuniWeb, told Teiss that law firms are desirable targets for hackers as it is often much easier and faster to breach a mid-sized law firm to get ultra-confidential data compared to targeting its large clients directly, such as banks or celebrities, as reportedly happened in this case.
“In a highly competitive and now digitally-disrupted legal services market, few law firms are prioritising investment into holistic cyber resilience and defense, understand their attack surface, let alone conduct sufficient employee training. Furthermore, a considerable number of law firms have no incident detection and response capacities, often leaving them unable to detect an intrusion in a timely manner.
“Worse, modern law firms have to deal with a diversified digital flow of sensitive and privileged data on their mobile phones, laptops and office computers. Partners and clients exacerbate this convoluted landscape by uploading confidential documents to public cloud or file sharing websites.
“Moreover, even if a data breach is detected, a not insignificant number of law firms would prefer to keep the incident as silent as possible to avoid disastrous reputational damage and acrimonious lawsuits from their clients. Ultimately, law firms are a low hanging fruit for cybercriminals, enabling the latter to get their hands on crown jewels of major organizations without spending much effort,” he added.