Pulsant: Don't dwell on it
Cyber criminals may hate the law but they certainly love legal firms. All that highly sensitive client data and cash make law firms an obvious target.
The threat is real and growing. The Solicitors Regulation Authority (SRA) believes that on a conservative estimate, £10.7m of client funds were stolen from UK law firms in 2017. And, of course, it’s about more than money. Cyber criminals know that legal practices hold extremely valuable information belonging to major commercial clients, including details about M&As, IP and emerging legal disputes.
When this information is stolen or held to ransom, it can hit a firm like a massive sledge hammer in terms of reputation and cost – particularly SMEs. Hefty bills for expert investigation and remediation are unavoidable, probably followed by legal action from those affected (along with compensation) and potentially severe fines or loss of accreditation. Everyone from the SRA to the Legal Services Board and the Information Commissioner’s Office will be involved.
Irrespective of where your data is held, on premise, managed service provider or public cloud you’ll be responsible for securing your data – and cyber criminals are increasingly prolific and professional. But don’t despair. Protection from all these nasties starts with understanding the jargon – especially when evaluating service providers. For example, do you know what dwell time is?
You should. Dwell time is the duration a threat actor (attacker) has undetected access in a network before they’re completely removed. The more time an attacker has to access your environment, the more time they have to understand your valuable data and find ways into your more sensitive data and systems. Security specialist Armor says that while it takes a cyber criminal four to six days on average to carry out an attack, it usually takes more than 146 days on average for a company to discover a breach.
Therefore, minimising the dwell time and the ability of the cyber criminal to work inside your environment lowers the risk of malware distribution, encryption of data through ransomware, delivery of botnets and the volume and value of the data breached. Thus, the shorter the dwell time the lower the cost of the security incident through lost revenues, client churn, client communications, brand damage, investigatory costs, technical remediation costs and potential regulatory/legal penalties.
This year’s Ponemon Institute Cost of a data breach study calculates that companies containing a breach in fewer than 30 days saved more than $1m, compared with those that took more than 30 days to resolve.
Fortunately, solutions are at hand. Advanced techniques deploying continuous threat-hunting make it possible to intercept the cyber criminals’ process, and deploying these from a cloud provider can mean affordable operating expense solutions rather than heavy capital expense equipment and licensing.
When legal firms conduct due diligence on cloud vendors, they need to concentrate on companies that offer these capabilities and for whom the reduction in dwell time encompasses eradication.
For all legal practices, dwell time has to be more than a mere metric: it must become the catalyst for an active security policy. This is a vital factor in risk-mitigation that has to be at the forefront when law firms consider how they use the cloud.
This article appeared in LPM November 2018 - Boxing clever