Delta Risk Featured In Bloomberg: “What Law Firms
Can Learn From Government Data Breaches”

June 26, 2015

Delta Risk is proud that Joe Abrenio, Chris Folk, and Joo Kim published an article in Bloomberg providing analysis on the topic of law firm cybersecurity and the lessons law firm leadership can take from government breaches. The article, Law Firms Can Learn from Government Data Breaches, can be accessed here.

Here’s a short exerpt:

The IRS data breach and the OPM attack demonstrate the adversary’s technological and strategic prowess. China, like many other APTs, is sophisticated, strategic, and systematic in its approach. Each hacking event should not be viewed in a singular context; these seemingly discrete actions may in fact be parts of a larger and more cohesive hacking strategy. Just as exposed password databases make it easier for criminals to gain unauthorized access to the victims’ other accounts, compromised PII will make future hacking and identify thefts even easier.

Law firms are not immune from these threats. In fact, they are increasingly targeted by nations-states and cybercriminals for a number of reasons. First, cyber actors are well aware that law firms typically have weak security. This industry weakness has incentivized opportunistic attackers to target vulnerable law firms. Second, law firms place a high value on reputation and are therefore, as an industry, highly reticent to acknowledge when they are breached and to share threat data. Third, law firms collect, hold, and disseminate vast amounts of data that are both highly confidential as well as potentially very lucrative (e.g., information on financial clients, merger and acquisition work, initial public offerings, etc.) Fourth, litigation strategies are paramount to a firm’s success, and the data associated with litigation direction and tactics could be invaluable to the opposing party.