Cybersecurity consistently ranks as a top-10 priority for the C-Suite. Yet, companies face both a lack of in-house infosec resources and a very limited, expensive talent pool in the market. So, where do SMBs and SMEs naturally look for knowledge, guidance, and talent when it comes to information security? Managed IT service providers (MSPs) and managed security service providers (MSSPs).
In Part 3 of this series on the New Cyberwar, we will address the current best practices approach to preventing cyberattacks, such as ransomware and other cybercrime, and reacting to data breaches. When it comes to cybersecurity practices, is there really such a thing as “best?” How can you focus on developing the right practices for your organization? In addition, we’ll discuss the questions organizations should ask before performing a cybersecurity gap analysis project. Finally, we will dive into Data Vulnerability – what is it and where does it come into play?
EXTEND’s Steve Henn recently sat down with Paul Starrett of PrivacyLabs to discuss the ways data privacy and information security are interconnected, a modern take on managing compliance across both focus areas, and the four questions companies should ask themselves as they work to protect the data their organizations create, handle, and store. Jam-packed with insights from two leaders who bring extensive AI, technology, information security, legal management, and data risk management expertise to clients, IT, InfoSec, Compliance, and Legal teams can leverage the on-demand recording to support their compliance initiatives.
The private sector is starting to awaken to the fact that we are in the hackers’ crosshairs as the cyberwar rages. Several private initiatives led by the insurance industry are looking to develop a coordinated policy with government entities, data to inform action, and best practices for companies.
But is it fast enough?
It is an open secret that cyberwars have been going on for quite some time. To most of us, it is an unseen war – carried out by nations and nation-state actors against other countries. Consequently, the “civilian” populations of the nations at war were – for the most part – unaffected.
Criminal enterprises supported by nations have greatly increased cyberwar attacks on commercial companies and other non-governmental organizations. The SolarWinds hack, the Colonial Pipeline and JBS ransomware attacks, and others are just the beginning.
The current information security environment is hostile to organizations seeking to ensure information integrity of the confidential legal content their law firms hold and generate. Hackers see professional services firms such as law firms and CPAs as the number one industry to target with ransomware attacks. In fact, professional services firms experience more than twice the number of attacks than the second-highest industries: Healthcare and the Public Sector. Consequently, the cybersecurity environment is getting worse for law firms every day. As proof, we have seen numerous legal industry companies – firms and vendors – suffer severe attacks in the past 18 months.
Between April 1, 2020 and June 25, 2020, cybercriminals managed to steal personal health information (PHI) and personally identifiable information (PII) from over 36,000 patients at the University of Pittsburgh Medical Center (UPMC). The hackers did not, however, obtain this information by hacking into UPMC. In 2020, hackers managed to access the email of one of UPMC’s law firms, Charles J. Hilton and Associates, an eight-member firm focused on billing-related services. The hackers have allegedly generated over $2,000,000 in fraudulent financial transactions. There is now a large class action lawsuit hitting both UPMC and the law firm regarding the breach. The lesson: Law firms that lack good cybersecurity hygiene create cyber risk for corporate legal departments and their companies.
Tips for Executives and Board Members
Cybersecurity – protecting against attacks such as phishing or ransomware – ranks as a top challenge for most companies. And while the topic of managing information security has breached the boardroom doors (virtual as they may be these days), detailed discussions about the process of safeguarding organization data from security risks are often left to the information security or IT team. Or, your CISO.
Diverse legal expertise combined with comprehensive assessment drives legal operations maturity, efficiency, and superior value for the legal enterprise
STAMFORD, CT, December 10, 2020 — EXTEND Resources, a leading business and legal performance improvement services company, announced today that the company has joined Wolters Kluwer’s ELM Solutions Partner Program. Wolters Kluwer ELM Solutions is the market-leading provider of enterprise legal spend and matter management, contract lifecycle management, and legal analytics solutions.
Your firm may not be privy to the legal secrets of the stars like Grubman Shire Meiselas & Sacks, which was hit by a REvil ransomware attack that threatened to release one terabyte of stolen celebrity client data. However, your attorneys do store and manage volumes of confidential data. And the data you store is just as valuable to your clients.