Top security threats in the year ahead

Elizabeth Millard, The Daily Record Newswire

Every year brings new technology enhancements and opportunities, as well as security issues to go along with them. So far, it looks like 2015 should be a doozy.

Whether you’re operating a small law practice or managing IT remotely for a large firm, there are several security threats that are looming large for attorneys and other professionals. Here are some that are likely to be a concern in the coming months:

Ransomware

Expect to hear this term often, if you haven’t already. Unlike simple malicious hacking, which can take down a company’s servers or leech data out of an unprotected system, ransomware puts extortion into
your technology mix. A hacker will slip into a system, and then put encryption controls in place that essentially lock legitimate administrators out. The hackers then demand money to “unlock” the data.

The tactic isn’t particularly new, but it’s been gaining enough momentum in the past couple of years that the FBI recently issued an alert and stepped up its efforts to find and prosecute these attackers. Right now, it’s evolving into cloud-based systems, according to Vincent Weafer, senior vice president at security firm McAfee Labs. “We predict ransomware variants that manage to evade security software installed on a system will specifically target endpoints that subscribe to cloud-based storage solutions,” he says, adding that McAfee expects ransomware to move into the mobile space next.

Specific industry attacks
Data breaches in the retail sector have become more common, but this year, it’s likely that attackers will go after certain industries more aggressively. The top target right now is health care, and major health insurance company Anthem just announced that up to 80 million customer records may have been part of a massive breach. But law firms have also been targeted by hackers more often in the past few years.
According to consulting firm PricewaterhouseCoopers (PwC), law firms are growing increasingly aware that cyber criminals are targeting them. In a report on the issue, PwC analysts noted that a number of law firms believe they’re too small or obscure to warrant the interest of professional hackers. “They may want to rethink that logic,” the analysts write. A fraud alert issued by the FBI warned that cyber criminals had begun to aggressively target small and midsize businesses, law firms among them.

“There is no question that law firms are among the companies being targeted by cyber criminals,” says Shane Sims, a director in PwC’s Forensic Services group. Hackers tend to attack law firms through email the most, hoping that a careless or distracted employee will click on a poisoned link. Because the problem is so prevalent, Sims believes that law firms should assume their systems have already been compromised, and then proceed from that assumption for testing and improving their defenses.

Espionage tactics
Everyone loves a good spy movie, but hackers are turning fiction into realty, with attacks that serve to steal usable information that can be sold. Weafer notes that cyber espionage attacks are likely to increase in frequency. These cyber warfare tactics are likely to affect small nation states the most, but it’s only a matter of time before the strategies are used in business settings to steal intellectual property and sensitive documents.

That time is likely to come sooner rather than later, too. In December, security researchers reported that they uncovered a cyber espionage ring focused on stealing corporate secrets, with hackers hoping to game the stock market. Before being uncovered, the ring had gained access to email accounts at more than 100 companies, including law firms.

With all these security threats, protection will become even more crucial this year, and awareness is definitely warranted. Jody Westby, CEO of Global Cyber Risk and chair of the ABA’s Privacy and Computer Crime Committee, notes that a well-informed attorney will be in a much better position with clients, the state bar, and regulators.