Note: The following is a guest post from Daryn Teague, who provides support to the litigation software product line within the LexisNexis software division.
Executives from some of the nation’s leading law firms and large corporate legal departments shared insights this afternoon regarding major cybersecurity threats they’re confronting and what the legal community needs to do in order to successfully deal with the data security threat.
The session – “Law Firms Mobilize to Deal with Data Security Threat” – sponsored by the LexisNexis litigation solutions team and was part of the “Emerging Technology” track on Day One of LegalTech New York 2015.
The panelists identified four pervasive cyber threats that concern them every day:
1. A rogue employee or group of employees who purposely leak confidential data, provide an unauthorized person with access to the corporate information systems or steals electronic documents.
2. A sophisticated campaign of targeted cybercrime by professionals who obtain personal credit card data or other corporate financial information for resale on the black market.
3. Nation-state espionage carried out by an organized foreign entity for purposes of compromising company secrets or embarrassing the company.
4. A socially motivated data breach performed by “hacktivists” who seek to bring attention to their causes.
Last week, The Recorder reported on results of a new survey by the Association of Corporate Counsel – the ACC Chief Legal Officer (CLO) 2015 Survey – in which one in four Chief Legal Officers said they have experienced a data breach in their companies within the past two years.
Separately, several industry experts have previously warned of law firms as soft targets and that security breaches would an important issue this year. For example, in a roundup of 25-Plus Predictions for the Legal Industry in 2015, law practice management advisor Erik Mazzone of the NC Bar Association offered a forecast which might also double as a cautionary tale:
There will be a major law firm data breach which will open the conversation about law firm technology in general, and digital security in particular. Corporate clients will begin to drive change by conditioning the award of work on the successful performance of digital security audits by outside law firms. Ripple effects will extend throughout law firms of all sizes, causing them to augment their technology and security protocols as clients start to demand stronger performance in this area.
The panelists during this session observed that the pace of change within the legal community in response to the data security threat is rapidly increasing, pointing out that we’re seeing investments in people and technologies that are far beyond what we saw as recently as six months ago.
Consensus seemed to identify several key steps that the legal community needs to consider in order to confront the cybersecurity threat to law firms and corporations, including:
- Standard systems and processes for corporate legal departments, law firms and third-party vendors so we have a common language for data security standards;
- Better preparedness plans in the event of a major breach;
- Comprehensive risk management strategies to protect the “crown jewels” of critical importance to an organization;
- Vendors such as the LexisNexis software division to continue developing innovative managed technology solutions for storing and accessing data; and
- Faster innovation for how we deploy people, processes and technology to defeat cybersecurity threats.
What are the scariest data security threats that you perceive and what do you think our industry needs to be doing to confront those threats?
Photo by LexisNexis
If you enjoyed this post, you might also like:
10 Can’t Miss Events at LegalTech 2015 #LTNY