It’s Open Season on Law Firms for Ransomware & Cyberattacks
June 26, 2023 – Published on Dark Reading
An increasing rash of ransomware attacks on law firms prompted the UK’s National Cyber Security Centre to release a threat report last week advising the legal sector that their clients’ deepest, darkest, most sensitive secrets are in the crosshairs of some of the most prolific ransomware actors on the scene — and its time to get serious about securing legal sector networks.
Drew Schmitt with the GuidePoint Research and Intelligence Team notes that cybersecurity for the legal sector starts with basic information security best practices including patching, endpoint detection and response (EDR), having security information and event management (SIEM) tools in place, in addition to incident response planning, and more.
Schmitt agrees that in addition to basic hygiene and employee training the focus should be on the firm’s most sensitive data first.
“Having specific measures focused on sensitive data protection is a great step towards being proactive in mitigating risk associated with data exfiltration of sensitive and proprietary data,” Schmitt says. “Implementing data classification processes and technology focused on securing and preventing unauthorized access and interaction with sensitive data will help reduce the risk of a compromised account being able to exfiltrate data from the environment for extortion and/or sale on the Dark Web.”
Read More HERE.