The State of Cybersecurity

By Douglas Concepcion

Based on the historical trend established over the last few years, it is expected that the number and sophistication of cyber-attacks will continue to increase. 54% of the professionals in the cybersecurity space anticipate a successful attack against their organization within the next twelve months. Even though security budgets have been increasing over the last several years, the return on the investment has been decreasing, i.e., what is known as the trickle-down effect. This means that nation states and sophisticated actors (all black hat hackers) have been developing very powerful tools over the past (approximately) ten years, and as with all technical development, the tools eventually make their way into the public space. In these cases, very innovative malware is now being used by criminal actors to circumvent the cybersecurity (hardware and software) of organizations. Due to this level of concern, most organizations, on average, are increasing their security budget by 21% in the coming year, with a focus on securing planned or existing cloud infrastructures, applications, mobile devices, and the training and education of staff.

The biggest hurdle experienced by organizations is the lack of knowledgeable or skilled employees in cybersecurity. The overall worldwide shortage is about 800,000 at the present time, and that number is expected to increase to 1.7 million unfilled cybersecurity positions globally by 2020. This shortage is causing organizations to increase training of existing staff in cybersecurity, and to contract with companies that offer Managed Security Service Provider (MSSP) and Managed Service Provider (MSP) services. A primary reason for outsourcing to one of these organizations is that these service providers already have a dedicated staff in place 24/7, with the required skill sets for managing cybersecurity. This removes a large portion of the security personnel burden from the organization, while also sharing the responsibility of security operations.

In the past few years, the legal industry has been one of the biggest adopters of cloud services because of their ability to address many operational concerns. This adoption, however, does not come without some major concerns, specifically data loss, threats to data privacy and breach of confidentiality. These forms of breaches (incidents) can cause reputational damage which, in most cases, will have a longer impact on the business than the event itself. Data breach concerns are further complicated by the use of mobile devices, which can easily lead to data leakage (sending to the wrong e-mail address, Wi-Fi hackers, etc.). There is also concern over the loss of controlled data through employees’ use of unauthorized cloud storage providers, e.g., Dropbox, Google Drive and others.

Most of the major breaches that have occurred recently have been via a third-party vendor performing a service for an organization. As an example, a vendor repairing an air conditioning unit plugged its laptop into the customer’s network. The vendor’s computer was infected with a virus that allowed a hacker to gain the client’s data. In another example, an outside company was hired to address a point-of-sale issue with a client’s registers. The vendor plugged its computer (which was infected) into the company’s network. The infection allowed the client’s information to be hacked.

Law firms are now being audited by companies for whom they perform work, as the work being performed for these organizations requires the handling of sensitive information. This is causing a major shift in the way law firms have traditionally addressed cybersecurity. These audits now require that law firms properly address regulatory needs, which are not limited to technology, but encompass policies and procedures, disaster recovery, business continuity, physical security and the onboarding and off-boarding of staff, to name a few. Because of these audit requirements, and the lack of in-house cybersecurity personnel, law firms need to consider leveraging behavioral analysis tools on the network and at all endpoints (laptops, cell phones, desktops, wireless points), as well as engaging with an IT partner that can assist them in achieving a proper security posture.

By leveraging machine learning, organizations can address security concerns around Internet of Things (IoT) devices, since most of these devices have very lax or no security capabilities. Machine learning also allows for the monitoring of data exchanges within the organization, and with external parties, for the detection of anomalies from the norm. Think Edward Snowden (who took valuable information from the National Security Agency and gave it to the Russians). Machine learning can also assist in predicting threats from historical data, based on specific trends as evaluated by big data produced by the machine learning software.

Because machine learning has the ability to see “real-time” activity on the network and endpoints, it can provide organizations with an all-inclusive enterprise detection and protection technology (addressing the ability to monitor the activity of all devices).

Some solutions leveraging machine learning are only able to detect anomalies, and are not able to remediate the issues or breaches they find. To overcome this limitation, an MSSP should be used to ensure that any alert that is received during both work and non-work hours is properly analyzed and communicated. Furthermore, an MSSP also provides law firms with a pool of dedicated cybersecurity experts that can be leveraged as needed. Needs are recognizable by an MSSP and can be further remediated by use of Virtual Chief Information Security Officer (vCISO) services. Law firm budgets should include funds for assistance from an MSSP and vCISO services, if a dedicated, in-house CISO is not possible.

Today, cybersecurity should no longer be an afterthought in the budget-planning process.  It should be front and center because of the impact a breach or malicious actor can have on any law firm.

Douglas Concepcion is a Security Solutions Architect at Micro Strategies.  For 35 years, Micro Strategies has been transforming the business world through innovative and advanced technical solutions.  Micro Strategies has distinguished itself as one of the most innovative technology solution providers and a strategic business partner for premier technology vendors.  As an industry leader, Micro Strategies is at the forefront of architecting and implementing quality technology solutions with a commitment to responsive, client-first service and customer satisfaction.  Douglas may be reached at [email protected].
