Even before this summer’s spate of breach announcements by some of the country’s biggest institutions, financial industry regulators had begun urging banks – and their vendors – to step up their cyber security programs. Various regulatory bodies, including the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority, now see increasing urgency in examining the preparedness of brokerages, banks, and credit unions for dealing with cyber threats, according to an article last week in the New York Times.
One group of vendors in particular that’s coming under closer scrutiny is law firms. Cyber criminals have been targeting law firms for years, but the financial and potentially political repercussions of recent breaches have banks looking downstream for any security weak spots.
Although banks have been at the forefront of recent breach announcements, along with retailers, organizations of all types share personally identifying information, trade secrets, patents, and other intellectual property with their attorneys on a regular basis. In the past, criminals have taken this information to sell to unscrupulous competitors to give them the upper hand in mergers and acquisitions, or have stolen confidential information on pending legal cases to give them an advantage.
One of the biggest reasons that law firms continue to be attacked, though, is that they’re simply the weakest link in the security chain. Once breached, they can offer a treasure trove of information about banks, including backdoor access to the banks’ networks and executives, through which attackers can launch advanced persistent attacks that can go undetected for months or even years.
Unlike many businesses that have invested in cyber security over the past few years, most law firms “don’t have the capabilities and the resources to protect themselves…therefore, it’s a vulnerability that the bad guys are trying to exploit, and are exploiting,” noted Patrick Fallon Jr., FBI’s assistant special agent.
While many large and international law firms are finally stepping up their security, many smaller firms may feel that they do not have the resources or budgets to adequately address the threats. However, some measures are very inexpensive, such as cyber security awareness training. Additionally, the American Bar Association offers 10 recommendations to law firms to help protect against attacks.
As The New York Times noted, “The problem is causing some security consultants to privately consider whether the sprawling financial firms with operations across the globe may be ‘too big to secure.’ And smaller firms, the consultants say, may simply not have the ability to adequately defend customer information.”
The Cyveillance Cyber Threat Center was designed specifically for security, risk, and compliance professionals. It monitors thousands of sources, including social media platforms, paste and post sites, and document sharing sites, for indications and warnings of potential breaches and attacks. To find out more about how we can help your business, contact us or sign up for a free trial.