Breaking Legal News & Current Law Headlines | Daily Legal Briefing

The Godfathers of Cybercrime: The 2022 Verizon Report

Daily Legal Briefing by Daily Legal Briefing
June 7, 2022
in Legal Tech


Ed. note: This is the latest in a new article series, Cybersecurity: Tips From the Trenches, by our friends at Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services.

Roughly Four in Five Breaches Emanate from Organized Crime

Granted, the three authors of this article are geeks. And yes, we get excited every year when Verizon releases its annual data breach investigation report (DBIR). The Verizon 2022 Data Breach Investigation Report, like all of its predecessors, is chock full of reliable information that law firms need to know.

One of the stunning revelations this year is that roughly four in five breaches arise from organized crime. The quaint notion of disheveled individuals sitting in a chair, drinking endless caffeine-laden beverages and eating lots of pizza while hacking away has given way to criminal cartels, which operate much as the American mobsters once did, right down to godfathers who make people an offer they can’t refuse.

Many of the cartels, unsurprisingly, are in Russia, where their activities are tolerated and perhaps encouraged by the government. Just like the Mafia bosses, there is often some level of cooperation between the gangs – attacks and data leaks are coordinated, and they may share intelligence and even infrastructure.

By pooling their information about evading security software and dodging law enforcement, they increase their power and their ability to conduct successful attacks. Our government, at long last, is laser-focused on these cartels and sharing information with foreign governments, offering bounties for information about the gangs, upping its ability to trace cryptocurrency transactions and establishing new sanctions as well as imposing mandatory requirements on some entities to report data breaches.

New Data on Breaches – and the Human Element

The Verizon DBIR is now in its 15th year and was based on 23,896 security incidents. 5,212 of those incidents were confirmed intrusions. It will take you a while to get through the 107-page report, but this article may suffice in giving you the highlights.

A tiny slice of good news: Last year, there was a human element involved in data breaches 85% of the time. That percentage has dropped to 82% this year. Not much comfort there, even if the numbers are headed in the right direction.

What are humans doing? They are falling for social engineering attacks, clicking where they shouldn’t click, opening documents they shouldn’t open and trying to evade the restrictions imposed by their cybersecurity policies and technologies. They use weak passwords (if allowed). They share passwords and reuse passwords. They let their browsers remember their passwords. They resist any implementation of multi-factor authentication.

Notably, humans misconfigure cloud storage. Typically, a cloud breach is not the cloud’s fault – a user configures things incorrectly and thereby issues an engraved invitation to the hacker world.

The list of human mistakes is truly endless. This is one reason why security awareness training is so vital – particularly for law firms, who hold the confidential data of many people and entities.

Insiders or Outsiders?

As the report notes, it is common to see stories about the prevalence of insider attacks. However, the statistics don’t bear out that prevalence. Nearly three out of four cases exhibited evidence of the attack coming from an outside source. Internal sources accounted for only 18% of incidents.

While we find that statistic credible, we note (as the report itself does) that insiders are sometimes very adept at keeping their malicious activity hidden!

Ransomware Stats

Law firms, like all other entities, have been targeted by ransomware gangs. Ransomware made up 25% of security incidents between November 1, 2020 and October 31, 2021 and was used in 70% of all malware infections.

How do they get through our defenses? They steal credentials or buy them on the dark web. They use phishing attacks and they exploit vulnerabilities.

Seventy-five percent of ransomware incidents involved an intrusion exploiting desktop-sharing software (40%) or email (35%).

Perhaps the most dire warning emanates from the fact that ransomware attacks increased 13% year over year. That represents a larger increase than the previous five years combined. And still the hits keep coming.

Though law firms have heightened their defenses, the ransomware gangs have gotten smarter too, so we play an endless cat and mouse game, in which the mouse often, but not always, evades the cat.

Money Makes the World Go Round

Money makes the world go round, as the song from “Cabaret” points out. So it is unsurprising that the report found that the motive in 89% of breaches was financial and 11% was espionage, perhaps a tribute to our troubled times. Nation-state-affiliated cyber attacks continue to increase in sophistication.

While we are following a “Shields Up!” defense strategy as a country, we were late to the game – hopefully not so late that we cannot catch up. And as we remind lawyers all the time, law firms are a “one stop shop” for cybercriminals because they hold the data of so many entities.

We are encouraged by the strength shown recently by our government in its war against ransomware and other cybercrimes. It may take us some time to develop cyber defenses that result in unseating the godfathers of cybercrime. But that’s ok. We have it on good authority that “revenge is a dish best served cold.”


Sharon D. Nelson (snelson@senseient.com) is a practicing attorney and the president of Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA.

John W. Simek (jsimek@senseient.com) is vice president of Sensei Enterprises, Inc. He is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and a nationally known expert in the area of digital forensics. He and Sharon provide legal technology, cybersecurity, and digital forensics services from their Fairfax, Virginia firm.

Michael C. Maschke (mmaschke@senseient.com) is the CEO/Director of Cybersecurity and Digital Forensics of Sensei Enterprises, Inc. He is an EnCase Certified Examiner, a Certified Computer Examiner (CCE #744), a Certified Ethical Hacker, and an AccessData Certified Examiner. He is also a Certified Information Systems Security Professional.





© 2021 Daily Legal Briefing | Breaking Legal News & Current Law Headlines
