Lawyers Increasingly Targeted by Cyberattacks, 1017 COBJ, Vol. 46, No. 9 Pg. 18
Author | MARK SPITZ, J. |
TECHNOLOGY IN THE LAW PRACTICE
MARK SPITZ, J.
In
2015, an attorney at Moses Afonso Ryan Ltd., a 10-attorney
firm in Providence, Rhode Island, received an email from an
unknown sender. When the attorney clicked on an attachment to
the email, a malicious form of software called malware
infected the firm's network and decrypted all of its
data. The hackers demanded a "ransom" of $25,000 to
provide a key to decrypt the data, which the firm paid in the
form of bitcoin, only to find that the key did not work. By
the time the firm was able to regain access to its data and
electronic files, three months had passed. The firm claims it
lost over $700,000 in revenue during that time as a result of
the ransomware attack.
Cyberattacks on the Rise
Cyberattacks have become much more frequent in recent years, targeting both small companies and well-known companies such as Home Depot, Target, Yahoo!, and JPMorgan Chase. Cyberattacks can take many forms, including attempts to break into an organization's network; phishing emails or social media posts to someone within an organization containing an attachment or link with harmful software (often called "malware" or "ransomware"); or "denial of service" attacks that flood a website to the point that it crashes.
Hackers are often after customer credit card or bank account information, social security numbers, and other information they can sell for identity theft and other fraudulent uses. Or. they may be after a quick "ransom" payment, as in the case of the attack on Moses Afonso Ryan, or the recent WannaCry attack in May of this year. Law firms find themselves increasingly at risk, however, and the size of the firm is no guarantee against an attack. For example, in 2015 Cravath, Swaine & Moore LLP, and Weil, Gotshal & Manges LLP, two large New York firms, were attacked, allegedly by hackers based in China, lust this year, DLA Piper fell victim to the Petya cyberattack, which affected computers and systems worldwide, losing access to its email and telephone systems for more than a week.[2]
How common are cyberattacks against law firms? The American Bar Association's 2016 legal technology survey report found that 15% of law firms surveyed, and 25% of law firms with at least 100 attorneys, had experienced a breach of some kind.3Due to the potential damage to a firm's reputation from publicizing a breach, however, it is quite possible that these numbers are much lower than the actual frequency of attacks.
Why Target Law Firms?
One may ask, why do hackers go after law firms? The primary reason is that law firms have information that is attractive to hackers. In the attacks on Cravath...
To continue reading
Request your trial