In Part 3 of this series on the New Cyberwar, we will address the current best practices approach to preventing cyberattacks, such as ransomware and other cybercrime, and reacting to data breaches. When it comes to cybersecurity practices, is there really such a thing as “best?” How can you focus on developing the right practices for your organization? In addition, we’ll discuss the questions organizations should ask before performing a cybersecurity gap analysis project. Finally, we will dive into Data Vulnerability – what is it and where does it come into play?
EXTEND’s Steve Henn recently sat down with Paul Starrett of PrivacyLabs to discuss the ways data privacy and information security are interconnected, a modern take on managing compliance across both focus areas, and the four questions companies should ask themselves as they work to protect the data their organizations create, handle, and store. The on-demand recording is jam-packed with insights from two leaders who bring extensive AI, technology, information security, legal management, and data risk management expertise to clients. IT, InfoSec, Compliance, and Legal teams can leverage it to support their compliance initiatives.
The private sector is starting to awaken to the fact that we are in the hackers’ crosshairs as the cyberwar rages. Several private initiatives led by the insurance industry are looking to develop a coordinated policy with government entities, data to inform action, and best practices for companies.
But is it fast enough?
It is an open secret that cyberwars have been going on for quite some time. To most of us, it is an unseen war – carried out by nations and nation-state actors against other countries. Consequently, the “civilian” populations of the nations at war were – for the most part – unaffected.
Criminal enterprises supported by nations have greatly increased cyberwar attacks on commercial companies and other non-governmental organizations. The SolarWinds hack, the Colonial Pipeline and JBS ransomware attacks, and others are just the beginning.
The current information security environment is hostile to organizations seeking to ensure information integrity of the confidential legal content their law firms hold and generate. Hackers see professional services firms such as law firms and CPAs as the number one industry to target with ransomware attacks. In fact, professional services firms experience more than twice as many attacks as the second-highest industries: Healthcare and the Public Sector. Consequently, the cybersecurity environment is getting worse for law firms every day. As proof, we have seen numerous legal industry companies – firms and vendors – suffer severe attacks in the past 18 months.
Between April 1, 2020 and June 25, 2020, cybercriminals managed to steal personal health information (PHI) and personally identifiable information (PII) from over 36,000 patients at the University of Pittsburgh Medical Center (UPMC). The hackers did not, however, obtain this information by hacking into UPMC. In 2020, hackers managed to access the email of one of UPMC’s law firms, Charles J. Hilton and Associates, an eight-member firm focused on billing-related services. The hackers have allegedly generated over $2,000,000 in fraudulent financial transactions. There is now a large class action lawsuit hitting both UPMC and the law firm regarding the breach. The lesson: Law firms that lack good cybersecurity hygiene create cyber risk for corporate legal departments and their companies.
Tips for Executives and Board Members
Cybersecurity – protecting against attacks such as phishing or ransomware – ranks as a top challenge for most companies. And while the topic of managing information security has breached the boardroom doors (virtual as they may be these days), detailed discussions about the process of safeguarding organization data from security risks are often left to the information security or IT team, or to your CISO.
Leverages deep information security expertise to assist Department of Defense (DoD) contractors in preparing for CMMC certification
STAMFORD, CT, February 10, 2021 — EXTEND Resources, a leading business and legal performance improvement company, announced today that the Cybersecurity Maturity Model Certification Accreditation Board (CMMC AB) has recognized the company as a Registered Provider Organization (RPO). EXTEND will help organizations prepare to comply with the CMMC security standard and prepare for the CMMC assessment.
Your firm may not be privy to the legal secrets of the stars like Grubman Shire Meiselas & Sacks, which was hit by a REvil ransomware attack that threatened to release one terabyte of stolen celebrity client data. However, your attorneys do store and manage volumes of confidential data. And the data you store is just as valuable to your clients.
For those of us old enough to remember, the emergence of Information Security as a distinct and important function within the organization is very similar to the emergence of Information Technology departments years ago. Back then, as computing moved from mainframe to midrange to desktops, the organization needed to answer several questions to see how this new area fit into corporate functions.