How long are law firms prepared to let criminals dwell in their systems?
By Martin Palmer, regional sales director, Pulsant
Cyber criminals may hate the law but they certainly love legal firms. All that highly sensitive client data and cash makes law firms an obvious target.
The threat is real and growing. The Solicitors Regulation Authority (SRA) believes that on a conservative estimate, £10.7 million of client funds were stolen from UK law firms in 2017. And of course, it is about more than money. Cyber criminals know that legal practices hold hugely valuable information belonging to major commercial clients, including details about M&As, IP and emerging legal disputes.
When this information is stolen or held to ransom, it can hit a firm like a massive sledge-hammer in terms of reputation and cost — particularly for SMEs. Hefty bills for expert investigation and remediation are unavoidable, probably followed by legal action from those affected (along with compensation) and potentially severe fines or loss of accreditation. Everyone from the SRA, to the Legal Services Board and the Information Commissioner’s Office will be involved.
Irrespective of where your data is held, on premise, MSP or public cloud you will be responsible for securing your data and cyber criminals are increasingly prolific and professional.
But don’t despair. Protection from all these nasties starts with understanding the jargon – especially when evaluating service-providers. For example, do you know what dwell time is?
You should. Dwell time is the duration a threat actor (attacker) has undetected access in a network until they’re completely removed. The more time an attacker has to access your environment, the more time they have to understand your valuable data and find ways to get into your more sensitive data and systems. Security specialist Armor says that while it takes a cyber criminal four-to-six days on average to carry out an attack, it usually takes more than 146 days on average for a company to discover a breach.
Therefore, minimising the dwell time and the ability of the cyber criminal to work inside your environment lowers the risk of malware distribution, encryption of data through ransomware, delivery of botnets and the volume and value of the data breached. Thus, the shorter the dwell time the lower the cost of the security incident through lost revenues, client churn, client communications, brand damage, investigatory costs, technical remediation costs and potential regulatory / legal penalties.
This year’s Ponemon Institute Cost of a Data Breach Study calculates that companies containing a breach in fewer than 30 days saved more than $1 million, compared with those that took more than 30 days to resolve.
Fortunately, solutions are at hand. Advanced techniques deploying continuous threat-hunting make it possible to intercept the cyber criminals process, and deploying these from a cloud provider can mean affordable OPEX solutions rather than heavy CAPEX equipment and licensing.
When legal firms conduct due diligence on cloud vendors, they need to concentrate on companies that offer these capabilities and for whom the reduction in dwell time encompasses eradication.
For all legal practices, dwell time has to be more than a mere metric, it must become the catalyst for an active security policy. This is a vital factor in risk-mitigation that has to be at the forefront when law firms consider how they use the cloud.
Want to know more?