Haaretz.com, the online English edition of Haaretz Newspaper in Israel, gives you breaking news, analyses and opinions about Israel, the Middle East and the Jewish World.
© Haaretz Daily Newspaper Ltd. All Rights Reserved
When people think of legal movies, they usually think of Legally Blonde or My Cousin Vinny. But times are changing — they’d be better served if they thought about Blackhat. Attorney-client privilege does wonders when an adverse party wants to compel you to disclose information, but it doesn’t do much in the face of key loggers. Cyber attacks are a real threat to firm security, and even large firms like Quinn Emanuel need to be wary of them. From Reuters:
An electronic discovery vendor for U.S. law firm Quinn Emanuel Urquhart & Sullivan suffered a cybersecurity attack that may have exposed client information, the firm disclosed to California authorities on Friday.
Quinn Emanuel confirmed to Reuters on Monday that “a third-party data center we use for document management for some of our clients became the victim of a ransomware attack” last year. It said the attack was “limited to a small portion of our clients and matters.”
As fortunate as it is that only a small portion of clients and matters were hit in the ransomware attack, none is always preferable. The list of Biglaw firms that have been hit by hackers looks like a who’s who of the industry: Jones Day, Gibson Dunn, Orrick, and others. Will your firm be the next to join the list? If you want to avoid that, your best bet would be to bolster your cybersecurity during the “just in case” phase rather than the “why didn’t we just factor it into overhead” one. Your clients and your PR team will thank you.
Quinn Emanuel Reports Cyber Attack Involving ‘Limited’ Client Data [Reuters]
Chris Williams became a social media manager and assistant editor for Above the Law in June 2021. Prior to joining the staff, he moonlighted as a minor Memelord™ in the Facebook group Law School Memes for Edgy T14s. He endured Missouri long enough to graduate from Washington University in St. Louis School of Law. He is a former boatbuilder who cannot swim, a published author on critical race theory, philosophy, and humor, and has a love for cycling that occasionally annoys his peers. You can reach him by email at [email protected] and by tweet at @WritesForRent.
Just about every cybersecurity provider has an artificial intelligence-related story to tell these days.
There are many security products and services that now come with built-in AI features, offering better ways to seek out and neutralize malware. Or they have new “co-pilot” add-ons that allow human operators to work hand-in-mouse with an AI-driven assistant to screen security alerts. Or they use AI add-on tools for better phishing detection, new threat discovery or troubleshooting of network and application problems or misconfigurations.
SiliconANGLE analyzed both the good and bad sides of AI-based cybersecurity. Now, let’s examine some of the products that offer the most promise.
The spread of AI-infused security cuts across startup and established companies alike. For example, Palo Alto Networks Inc. is developing its own large language model or LLM that will use AI to improve its operational efficiencies. SentinelOne Inc. will have an LLM so that security analysts can query potential threats with a simple search box without the need to learn complex jargon or syntax. Cloudflare Inc. is using machine learning to help more quickly find and neutralize botnets. And both Blink Ops and Trend Micro Inc. will integrate AI into their tools with copilot-like features.
That’s not all. Darktrace Holdings Ltd. has already used AI to identify several cyberattacks, such as one targeting a power grid that its AI found within a few hours. BreachLock Inc.’s penetration testing as a service has been tapping AI to improve its efficiency in handling security audits and analysis services. Cybersixgill has its IQ service that amplifies its dark web scanning tools, as SiliconANGLE wrote about recently.
Then there’s Sentra Inc., which has a browser extension that will anonymize chatbot queries and block inadvertent private data transmissions. Guardz has enhanced its phishing protection with AI. Earlier this year, HiddenLayer Inc. won the RSA Conference Innovation Sandbox for best new product, a tool that can help defend against adversarial AI-based attacks. And those are by no means exhaustive.
Even companies not selling security services want to call attention to their AI…
UK law firms are attractive targets for cyber criminals because of the large sums of money and highly sensitive information they handle, according to the National Cyber Security Centre.
Firms are also vulnerable in more novel ways due to remote or hybrid workplace setups stemming from COVID-19 lockdowns, the agency said in updated guidance published last week. Remote employees are more likely to connect to unsecured, noncorporate routers. Cyber threat tactics have also become more sophisticated, the report said.
The organization is “increasingly seeing ‘hackers-for-hire’ who earn money through commissions to carry out malicious cyber activities for third party clients, often involving the theft of information to gain the upper hand in business dealings or legal disputes,” it said.
Phishing emails to employees is among the top ways hackers attack law firms’ information. The NCSC reported that 79% of all cyber attacks were phishing attempts.
The report recommended maintaining strong company governance to minimize the risk of cyber threats as well as investing in training for all staff members to improve security culture.
The updated guidance is a “timely intervention,” said Lubna Shuja, president of the Law Society serving England and Wales. The initial report was published in 2018.
Last week, Bloomberg Law reported that US firm Bryan Cave Leighton Paisner was hit by a cyberattack that compromised client data.
In April, Proskauer Rose confirmed that its clients’ data, including sensitive financial information, had been exposed to hackers.
Goodwin Procter and Jones Day data was exposed through a breach at tech provider Accellion, now known as Kiteworks, in 2021. The firms acknowledged that the breach had left confidential client data exposed.
The American Bar Association said in 2020 that nearly 30% of U.S. law firms reported a security breach.