Preparation for cyberattacks on your network requires a fundamental understanding of the complete picture of who has launched the assault. Steve Surdu of Surdu Consulting, LLP gave the keynote address at ILTA LegalSEC Summit 2015 in Baltimore, MD describing “The Anatomy of Successful Cyber Attacks.”
Steve outlined four attacker or threat profile group types; Hacktivists, Criminals, Terrorists, and Nation States. In the matrix below I break out each section he reviewed into a column view to better understand the who, why, where, motivations, advantages, limitations, and impacts for each group. I removed the Terrorist group as they tend not to pose a threat to law firms.
In summary the table offers an insight into the full anatomy of the threat for law firms. To mitigate the aforementioned threats, he outlined five key strategies:
- Awareness: An absolute must is providing education of all parties surrounding the law firm. This includes teaching employees, management, suppliers, and even your clients on the threats that exist, the tactics of the hackers, and the various outcomes from unsafe computing.
- Visibility: Never assume that you will know everything that is happening on your network. Keep an inventory of assets, logs and all alerts which when gathered together creates actionable intelligence.
- Focus: Law firms must think how the hackers attack, so avoid misplaced faith in compliance alone.
- Operational Expediency: Firms should make reasonable operational and security trade-offs. That is, do not spend all of your time on areas with little benefit, like patches for little used systems. Prioritize on the biggest impact items first.
- Priorities: The most valuable time spent on cybersecurity is spent on people and process over technology.
Wrapping up his discussion, he touched on cybersecurity in three areas pertinent to law firms; mobile, Cloud, and eDiscovery.
At this juncture, mobile devices do not pose a significant attack vector for large law firms. The real risk is one-offs including physical loss of the device, or exposure to data stored on the unit. Firms should remain vigilant by using encryption, password protection, and provide remote wiping on demand. Lastly he mentioned that Android remains a target.
The Cloud is intriguing from a security perspective. It provides familiar components to on-prem issues, but is outsourced. What that means is that the same predicaments arise but since a different operator is in the equation, it can be more complex. Surdu recommends to counter this threat by vetting your Cloud vendor carefully to manage your risk.
Similar to the Cloud, eDiscovery invokes the same issues that it does externally as it would internally. When you use hosted services those services have to be vetted for controlled access, general integrity, encryption were necessary and to assure that privacy laws are being followed. He recommends that firms use familiar and consistent platforms when possible.
In his parting thoughts, he focused on several salient points. While difficult, attempt to retain key players for your firm security. A revolving door in the Information Security department is ripe for attacks. Create a process to track key information and assets. By having these procedures in place the firm will know the who, what, where and when of deflecting cyber-attacks. Work to cultivate and maintain senior management to establish a sense of normalcy. Often hackers go after newer management because they are less likely to know systems and process. He also stressed that your best adversaries understand that details matter. “You should focus on the little things, because if you cannot get that right you will not get the bigger things.” Lastly he ended with a push for firms to concentrate on finishing security projects because that is much more important than simply starting them.