A recent episode of “The Good Wife” starred the CryptoLocker virus and phishing, two very common attack vectors. The plot twist begins with Diane Lockhart standing in front of a computer and looking at an obviously fake email. She double-clicked, and instantaneously every desktop in the office started a 72-hour countdown timer: “Pay now, or else all your files will be deleted.”

In the end, the amazing Kalinda drew upon her resources to track down the ringleader of the Russian crime syndicate running the cryptolocker scam. After a simple reverse webcam hack and a few anti-Putin emails, the unlock code is safely in her possession. I love the way that turned out, even in fantasy.

In reality, CryptoLocker doesn’t play out very nicely. We’ve only seen a few cases, none of which had anything as sexy as a countdown timer. They all had data folders full of encrypted files. The only solution for most companies, especially those with limited in-house security expertise, is paying the ransom or wiping the machine and restoring from backup. Most folks think you only need disaster recovery in case of natural disasters. The reality is that a simple click on an email attachment will put a recovery plan into action.
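The symptom described above, a data folder that suddenly fills with encrypted files, can be spotted before the whole share is gone. The following is an added example (not code from the original post or from any product it mentions): it scores each file’s contents by Shannon entropy, since ciphertext is statistically close to random bytes while contracts and notes are not, and raises an alert when a large share of a folder looks encrypted. The sample “files” are constructed in memory, and the threshold and ratio values are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

# Constructed sample folder: two plain-text documents and one file whose content
# simulates ransomware output. Real ciphertext is statistically close to random
# bytes, so a seeded PRNG stands in for it here (deterministic for the test).
_rng = random.Random(1234)
SAMPLE_FILES = {
    "contract.txt": b"THIS AGREEMENT is made between the Parties ... " * 40,
    "contract.txt.encrypted": bytes(_rng.getrandbits(8) for _ in range(2000)),
    "notes.txt": b"Call client re: trust account reconciliation.\n" * 30,
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. English text scores roughly 4-5,
    compressed or encrypted data close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: treat near-random content as probably encrypted.
    The 7.5 threshold is an assumed value for illustration."""
    return shannon_entropy(data) >= threshold


def scan_folder(files: dict, threshold: float = 7.5) -> list:
    """Return the sorted names of files whose contents look encrypted."""
    return sorted(name for name, data in files.items()
                  if looks_encrypted(data, threshold))


def ransomware_suspected(files: dict, threshold: float = 7.5, ratio: float = 0.3):
    """Alert when at least `ratio` of a folder's files look encrypted.
    Returns (alert, flagged_names). The 0.3 ratio is an assumed tuning value."""
    flagged = scan_folder(files, threshold)
    alert = len(flagged) / max(len(files), 1) >= ratio
    return alert, flagged


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:28s} entropy={shannon_entropy(data):.2f}")
    alert, flagged = ransomware_suspected(SAMPLE_FILES)
    print("ALERT" if alert else "ok", flagged)
```

Entropy alone produces false positives on formats that are already compressed or encrypted by design (.docx, .pdf, .zip), so in practice this signal is combined with others: files being renamed to an unfamiliar extension, a burst of modifications across many files in a short window, and a change in a document that previously parsed cleanly. Even with those refinements the script is a detection aid; the recovery plan the paragraph describes, tested backups kept out of reach of the compromised machine, is what actually gets the files back.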

Why do Law Firms make good targets for cyberattacks?

The reality is that cyberattacks on law firms are increasingly pervasive, for a number of reasons:

  • Law firms make good targets because they hold data for clients involved in significant transactions. In the past, China-based hackers looking to derail the $40 billion acquisition of the world’s largest potash producer by an Australian mining giant zeroed in on offices on Toronto’s Bay Street, home of the Canadian law firms handling the deal. Over a few months beginning in September 2010, the hackers rifled one secure computer network after the next, eventually hitting seven different law firms. The investigation linked the intrusions to a Chinese effort to scuttle the takeover of Potash Corp. of Saskatchewan Inc. by BHP Billiton Ltd. as part of the global competition for natural resources. Such stolen data can be worth tens of millions of dollars and give the party who possesses it an unfair advantage in deal negotiations, according to Daniel Tobok.
  • Law firms handle trust accounts. In one incident, a law firm suffered a six-figure loss when hackers, armed with legitimate credentials, bypassed security defenses and stole funds placed in trust accounts. Such attacks are pervasive: according to Mandiant, 80 major U.S. legal firms were hacked in 2011.
  • Political motives are another driving force behind some cyber-attacks. For example, a group of state-sponsored hackers, dubbed the “Comment Group,” infiltrated political targets, such as the president of the European Union Council, at the height of the Greek bailout controversy. The Comment Group’s targets also included economic targets: law firms, investment banks, oil companies, drug makers and technology manufacturers.
  • Law firms are exposed to business risk and threats from operating in an interconnected global ecosystem, where the smallest link can prove the Achilles’ heel that brings down the whole system. Law firms have to protect their sensitive information and maintain a security program to ensure they don’t become conduits of vulnerabilities for their clients.

All companies should take a look at the Framework for Improving Critical Infrastructure Cybersecurity established by the National Institute of Standards and Technology (NIST).

The Framework is non-prescriptive but provides a common terminology that can be used to determine how a firm addresses cyber-security issues. As awareness of the cyber-threat issue grows and the Framework provides a hard measure of preparedness, it will no longer suffice to have processes in place to protect the personal information of your clients and investors—although that will still be important. It will no longer suffice to have processes in place to protect against the loss of critical firm data such as trading algorithms, or to have developed and tested a business continuity plan. Of course, that is important too. From the perspective of senior management, the Framework indicates what could, and possibly should, be done, and this vision far exceeds what is currently required.

The Framework describes a three-component approach to cyber-security issues. The first component, the Core, highlights the need to identify, protect against and detect risks, and to respond and recover appropriately. The Core also provides reference citations to help determine legal and regulatory requirements and best practices. The second component, the Tiers, defines organizational approaches to the risks, ranging from ad hoc to fully risk-based and informed. The highest tier, which will likely become the only acceptable tier to regulators, is called the Adaptive Tier. At this level an organization has an enterprise-wide approach, uses risk-informed policies, shares information with partners and adapts its cyber-security practices through a continuous improvement process. The third component—a Profile—is based on an organization’s identification of the risks that apply to its business activities and its self-selection of an applicable tier of cyber-risk awareness. The Profile can describe both an organization’s current state of readiness and its desired state.

Pamela Gupta is a Senior Cybersecurity Consultant, email her or tweet her.