Why endpoint protection is critical for law firms facing increasing cyber threats
Having been heavily reliant on paper-based processes for decades, legal firms are now embracing the concept of digital transformation in growing numbers, writes Anthony Daniel.
For firms following this strategy, the business benefits can be significant. Manual workflows can be replaced with streamlined digital equivalents, while traditional “wet” signatures can be retired and replaced with e-signature alternatives.
The growing threat of cyber crime
Unfortunately, this shift to digital workflows increases the exposure of legal firms to a growing number of cyber threats. Suffering an attack not only means disruption and financial cost but can also result in serious damage to a firm’s professional reputation.
Legal firms are tempting targets for cyber attacks because of the significant volume of sensitive data they store and use on behalf of their clients. If a cyber criminal succeeds in gaining access to a firm’s IT infrastructure, they could steal such data or encrypt it and then demand payment of a ransom for the keys.
Another increasingly popular tactic involves a cyber criminal stealing copies of sensitive data and then threatening to release it publicly if payment demands are not met. As well as hurting the reputation of the firm, this could also have devastating consequences for clients.
Stages of an attack
Cyber attacks typically comprise four distinct stages. Being aware of these will make it easier for firms to deploy effective means of protection. The stages are:
Achieving initial access:
The first step for an attacker is to gain access to their target’s IT network. This can be achieved through password theft, brute force, exploiting a software vulnerability, or by impersonating a legitimate user. Once inside the network, the hacker will attempt to steal login credentials to gain access to systems and data while evading conventional protection measures.
Preparation:
Once a cyber criminal has gained access to a firm’s IT infrastructure, they will then prepare for their attack. This could involve introducing a malware package that contains all the tools they will need to carry out the attack. Alternatively, once they are within the network, they can then download the required tools by using a connection to the public internet.
Lateral movement and privilege escalation:
This stage of the attack involves the cyber criminal attempting to move around the firm’s IT infrastructure to determine what data to target. They may also work to escalate their level of privilege so they can access as much sensitive data as possible. All this is done while at the same time avoiding detection.
Data extraction and encryption:
Once the sensitive data has been identified, the cyber criminal will then attempt to exfiltrate that data, destroy the firm’s backups, and encrypt the remaining files.
Endpoint protection is key
Law firms need to have protective measures in place that ensure there is clear visibility into their IT networks at all times. If this is achieved, it becomes much easier to spot intrusions before any data removal or encryption takes place.
Experience shows that the best defences against cyber attacks are prevention, detection, and timely response. This will allow the firm to ensure that the attack chain is broken before it can succeed.
A critical part of achieving this is having effective endpoint protection in place. These tools will work to block emails containing malicious code and prevent staff from accessing malicious sites by clicking on unknown links.
If an attacker does succeed in installing ransomware code on an endpoint device, the tool will prevent malware from being downloaded, either by checking the file against local generic signatures and analysing it with heuristic technologies, or by querying collective intelligence in the cloud.
If ransomware is successfully downloaded into a legal firm’s IT infrastructure and attempts are made to execute it at the endpoint, security tools can identify it as an intrusion and prevent execution.
It’s clear that the security threats faced by law firms are going to continue to increase. By taking time now to examine the protective measures that are in place, and hardening them where required, the chance of falling victim to an attack can be significantly reduced.
Anthony Daniel is the regional director of Australia, New Zealand and Pacific Islands for WatchGuard Technologies.