Integris recently published a chapter in the globally renowned book, “Outsourcing of Core Legal Service Functions: How to Capitalize on Opportunities for Law Firms,” released by Globe Law and Business (edited by Norman Clark). Integris was chosen for inclusion in this important book because of our experience in the law industry and our proven expertise in the cybersecurity strategies keeping our legal firms safe.
Integris’s chapter, “Outsourcing Cybersecurity: The Logical Solution for Legal Practices” focuses on the unique cybersecurity concerns faced by legal organizations, covering:
- Increasing your law firm’s cybersecurity strategies
- How partnering with an MSP (Managed Services Provider) can help reduce liability and ensure regulatory compliance
- How your legal organization will save money by outsourcing its IT
- Restructuring legal firms’ workspace to incorporate remote solutions smoothly and productively
- Trending security threats aimed specifically at the legal industry
Sitima Fowler, Co-Founder and VP of Marketing for Integris, authored “Outsourcing Cybersecurity: The Logical Solution for Legal Practices” and describes it as “an in-depth look into the unique security threats faced by our legal vertical, and the ways we help law firms avoid them.”
*The following is an excerpt from Integris’s chapter, “Outsourcing Cybersecurity: The Logical Solution for Legal Practices:”
“Trending Cyberthreats for Law Firms
Ransomware remains one of the primary malware attacks that bad actors use to breach legal practices. This mode of attack is usually deployed accidentally by a user. Ransomware is a tricky malware to remove, leaving legal practices torn between paying the ransom and hoping the bad actors will return their files, or trying to restore the data on their own. The costs of the ransom are painful enough, but the cost of waiting for data to be restored can hurt even more.
In May 2020, it was reported that targeted cyberattacks were rapidly becoming a security nightmare for many law firms of all sizes. In the span of five months, seven legal practices were victims of ransomware. All these attacks were carried out by two highly organized cybercriminal groups, one known as REvil and the other calling itself Maze.1
Cybercrime has evolved to be big business and is as organized as any business can be. From terrorist organizations to lone wolf hackers, your law firm is at risk.
Hacktivists, for instance, are cybercriminals with an agenda, usually targeting an organization because of its beliefs, political ties, or affiliations. The end goal of hacktivists is usually to disrupt and cripple an organization. If your law firm is representing well known clients with political ties, for example, your practice may be at risk for hacktivists to launch an attack.
According to a 2018 Ponemon study,2 insider threats are on the rise. One example of an insider threat occurred when a Texas based law firm in the United States was hacked by a former IT engineer who had worked for the firm for five years. The engineer had the knowledge to access the firm’s database without authorization causing, per the U.S. Attorney’s office of the Northern District of Texas, ‘significant damage to the network.’3
Organized cybercriminal groups specialize in advanced persistent threats (APTs) and are usually (but not always) state sponsored. These groups attack to mine for information or disrupt organizations, with many organized groups striking for money for their own countries or to uncover military and political secrets from rival countries. With infinite funding and the combined knowledge of many different ‘hacking professionals’ under the same virtual roof, these groups are especially dangerous.
Lone wolf cybercriminals act alone, usually looking for financial reward. The information this hacker gains will be sold on the dark web or used to steal money directly from your law firm or your clients. Lone wolf hackers include internet stalkers who may target a practice’s managing partners or associates, or the rogue state sponsored actor who is working alone rather than as part of a larger, organized group.
Phishing scammers focus on email scams such as infected links, spoofed websites, and ‘urgent’ information requests. These bad actors do not necessarily target one specific law firm; they attack many practices at once in the hopes that someone, from any firm, will interact with them. It is a ‘throw something at the wall and see what sticks‘ approach rather than a focused one.
Your legal practice is vulnerable to attacks from any of these bad actors, and, depending on the nature of your firm’s services, possibly more than one of them. As if this was not alarming enough, there is a frightening trend on the dark web that can affect your practice, too.
There is an entire industry focused on supplying cybercriminals with the tools they need to build their own malware. Called Malware as a Service (MaaS) or sometimes Cybercrime as a Service (CaaS), this software and hardware is leased to individuals for the sole purpose of carrying out cyberattacks. As unbelievable as it sounds, MaaS websites offer full services; a botnet to distribute the malware, a personal account used to launch the attack, and even technical support come with these malware packages. MaaS suppliers organise their services like a typical business model, working nine to five when employees are most typically at their desks and networks are the most vulnerable.
“As unbelievable as it sounds, MaaS websites offer full services; a botnet to distribute the malware, a personal account used to launch the attack, and even technical support come with these malware packages.”
Since a business falls victim to a cyberattack every 13 seconds (per a Cyber Defense Magazine report),4 hackers can play the numbers game and know that one of their attacks will be successful. With automation behind them, a cyberattack that fails the first time can be continuously deployed until it succeeds. Because modern malware is becoming increasingly subtle, it can take organizations up to six months or more to realize they have been breached.5
Outsourced Cybersecurity Services Provided by an MSP
The best cybersecurity solutions are supported by technicians giving oversight to all aspects of the strategies offered. Internal IT departments usually do not have the resources to support a comprehensive cybersecurity strategy, but a managed services provider has the flexibility, resources, personnel, knowledge, and high-tech tools required to maintain an effective security plan.
The cybersecurity solutions offered by a managed services provider frequently involve layers of strategies and solutions rather than one stand-alone product. These solutions usually involve a mix of effective cybersecurity strategies to protect networks, email clients, devices, applications, and files.
Outsourced cybersecurity solutions include a powerful combination of firewall defenses, anti-malware and anti-virus products, anti-spam and email filtering software, cloud storage solutions, comprehensive…”
*Read more in Integris’s section, “Outsourcing Cybersecurity: The Logical Solution for Legal Practices,” featured as chapter 3 in this global publication.
Integris is an award-winning managed services provider who has many beneficial partnerships with software giants like Microsoft, along with hardware producers, like HP and Dell. Integris has a seat at on these companies’ advisory boards, helping to positively influence the future of products and offerings and shaping the landscape of the IT services industry.
To get your copy of this book with a 15% Integris discount, use promo code AUTHOCLS and order here: Outsourcing of Core Legal Functions: How to Capitalize on Opportunities for Law Firms
