While law firms have taken safeguarding against cyber security threats more seriously in the wake of the Panama Papers data leak, one cyber expert has warned they are still not doing enough.
While law firms have taken safeguarding against cyber security threats more seriously in the wake of the Panama Papers data leak, one cyber expert has warned they are still not doing enough.
Law firms have been reaching out to cyber threat analyst Chris Pogue ever since Panama-based firm Mossack Fonseca & Co had more than 11.5 million documents leaked to the public.
“For law firms, the second something happens that sparks an emotional reaction, people don’t just pay attention, they do something. It always takes a breach of industry before the rest of the industry stands up and takes notice and says ‘oh I don’t want that to be me, what now?’” Mr Pogue said.
“Since the Panama Papers have been released, my phone has rung two dozen times from law firms I’ve met or spoken with saying, ‘the senior partner thinks is now important, what do we do? How do we build a plan and strategy?’”
Mr Pogue is the vice-president of Nuix, a US-based cyber security and investigation technology company. He visited Australia to participate in a cyber governance panel discussion hosted by DLA Piper last month.
Firms are misguided in the way they perceive cyber security threats, as inhibitors rather than potential derailers of business, Mr Pogue said.
“Lawyers and law firms think in terms of litigating, legislating and making money – so they think of cyber security as a business inhibitor. But security is the difference between staying in business and going out of business,” Mr Pogue said.
“Security is not a destination, it’s a journey. You will never ‘get secure’ – your security might be better today, but you will never be completely secure,” he said.
Half-baked cyber security plans also exposed firms to greater risk, Mr Pogue added.
“You have to commit or not do it at all. Partial commitment is the biggest risk to law firms – where you think it’s important but then business drivers get away, so you choose not to force others to comply with your security posture, that’s worse than not doing anything at all,” Mr Pogue said.
DLA Piper recently commissioned the film 'In a flash', to highlight cyber security and corporate governance best practice. It examines the fallout scenario of a cyber security breach.
The film was used to raise legal and regulatory issues flowing from a security breach at a screening event hosted in Melbourne.
DLA Piper partner Tim Lyons said all companies and customers should consider themselves at risk.
“Cyber security is becoming one of the most challenging issues facing companies and consumers. In today’s interconnected world, virtually all companies and their customers are potential targets for cyber attacks,” he said.