By: Trisha Black
Our society is becoming more reliant on technology. As this happens, we are placing our information at more risk of being compromised. There is no way around using technology. As businesses and individuals strive for more efficiency, they adopt more technological advances to achieve that. With the increased use comes increased security concerns. Cybersecurity threats are increasing substantially.[1] API security incidents have impacted 95% of businesses in the past year.[2] Technology is becoming integrated with our physical infrastructure. As this happens the threats become significantly more detrimental to the country.
Lawyers and law firms are no different. They are trying to remain competitive and increase their efficiency, but lawyers are in a vulnerable position as they have requirements to protect their clients beyond the average business. Lawyers have a duty to maintain client confidentiality.[3] With few guidelines and regulations in place to ensure secure computing and technology, lawyers need to take responsibility for the security. This comes in the form of being more knowledgeable about cybersecurity.
Cybersecurity is a growing interest, and the recent events in Ukraine and Russia have increased the concern in our country. Cyber-attacks are increasing, and most businesses are being impacted by them.[4] Most businesses are not implementing any additional protections against these attacks.[5] Though this is not unique to the legal field, the legal field is not immune. What recent events have shown is that attacks come in more than physical form.[6] Kinetic attacks by Russia have been paralleled by cyber threats.[7] The unique aspect of this attack was that there was no attempt to take, but instead to destroy. They used something referred to as malware. Malware is not new, but the forms being used are. This is why the challenge with this tactic is creating problems in the cyber realm. The way the malware operates is that it spreads and deletes the data of the users. This malware can impact all users and would have grave consequences for large corporations and law firms.[8]
How can lawyers, companies and individuals protect their data? The Cybersecurity and Infrastructure Security Agency (CISA) is designed to help organizations and individuals protect their information.[9] CISA frequently publishes information to assist in protecting data across the United States.[10] They also assess the current risks and inform the general public of the potential attacks that they have observed or anticipate coming.[11] The attack on Ukraine has shown that there are many threats from foreign nations and by tracking and studying their tendencies, they can predict the threats that could be faced by the United States. Further, CISA provides information about who the threats may be coming from and what type of threats are given, with specific guidance on how these threats may be mitigated.[12] CISA not only assesses the threats and provides guidance, but they also provide training on how to best handle the threats.[13]
As we move towards a more internet, cloud computing, and IoT society we need to adapt our security measures to match. Law firms are beginning to want lawyers with cybersecurity expertise and companies are beginning to seek out counsel with an understanding of cybersecurity. Schools are beginning to offer more and more classes related to cybersecurity but that may not be enough for the growing concerns. Lawyers need to be current on the cybersecurity threats and ensure they are taking action to make certain their clients are protected. They also need to follow current research on the most significant threats and the guidance on how to protect the data of the organizations they work for and the clients.
[1] API attacks increase 681% in the last 12 months, Security Magazine (Mar. 2, 2022), securitymagazine.com/articles/97178-api-attacks-increased-681-in-the-last-12-months.
[2] API Attacks Rose 681% in the past 12 Months, Compared to a 321% increase in Overall API Traffic, Salt, https://salt.security/api-security-trends? (last visited Mar. 2, 2022).
[3] Jaime Sardina, How Cyber Security is Changing the Way Lawyers Work, Lawahead, https://lawahead.ie.edu/how-cybersecurity-is-changing-the-way-lawyers-work/ (last visited Mar. 2, 2022).
[4] Salt, supra note 2.
[5] Id.
[6] Destructive Malware Targeting Organizations in Ukraine, CISA, https://www.cisa.gov/uscert/ncas/alerts/aa22-057a (Mar. 1, 2022).
[7] Id.
[8] Id.
[9] Id.
[10] Id.
[11] CISA, supra note 6.
[12] Id.
[13] Id.