How 2.6 terabyte of data can leave a company “via the backdoor”
“2.6 terabyte of data fit on an external USB hard drive and can be taken away very quickly. If the data is stolen from the outside of the company through the IT network, it probably takes a couple of weeks without being discovered,” describes Christian Polster, Chief Security Officer at RadarServices, a provider for IT security monitoring, this data volume.
The possibilities for leaking of such a huge data volume reveal the core areas of necessary IT security provisions for law firms: They have to focus on insider threats and external network access by professionally organized hackers.
Professionally organized hackers are on the rise particularly since 2015. In underground forums specialized programmers are sought after in order to attack large law firms. The data value draws attention, whether unpublished corporate financial results, information about upcoming acquisitions or mergers, business secrets or information about sensitive offshore activities are targeted. At the end of March 2016 cyber attacks on various US big-name law firms regularly representing Wall Street banks and Fortune 500 corporations (a.o. Cravath Swaine & Moore and Weil Gotshal & Manges) caused investigations by the FBI.
Insider threats, willfully or unconsciously precipitated damages provoked by employees, are especially relevant for law firms: in order to work cases lawyers and their teams of employees often have wide-ranging access to particularly sensitive client data. Nowadays access is usually available via computers, laptops, tablets and mobile phones without extensive security provisions and access to the internet.
Status quo of IT security at law firms
“The degree of protection at law firms is below average compared to their clients such as banks, insurances and other global players”, according to Christian Polster. “We, however, observe that the demand from law firms for continuous IT security monitoring is currently increasing. Reasons often are large projects for their potential clients. Law firms have to present their detailed IT security measures, let it review by the client’s specialized department as well as external specialists and must satisfy the often very high standards by their clients. An incomplete, flawed monitoring can disqualify a law firm from projects. The “Panama Papers” case shows boldly why these selection criteria for business partners are that essential.”
The set of effective IT security measures
Law firms have to focus on the proactive detection of security issues and need to identify internal or external attacks on their IT in real time. The continuous monitoring of the entire IT infrastructure delivers all the necessary information.
First of all, the continuous analysis of vulnerabilities from the inside and the outside: Each day new forms of cyber attacks are developing as well as new security flaws or vulnerabilities are arising. The continuous analysis is the prerequisite in order to detect an insecure encryption.
Secondly, a continuous monitoring of all gateways for malware and all communication channels across corporate boundaries: Hereby the analysis of attachments of all incoming emails and web-downloads in “isolated” environments (so called sandboxes) is recommended in order to prevent malware from entering the organisation’s network. Malware is commonly used to attain unauthorized access to the IT network. In addition, the transfer of data by the attacker to an external target in the internet needs to be detected. Therefore comprehensive security monitoring of all systems, data transfers and access to sensitive systems and files is needed. Data transfer from internal to external IPs, where no business relation exists, has to be detected and analysed in real time.
Thirdly, a continuous analysis and correlation of logs of individual systems: Attackers intent to make their movements in the network look as normal as possible. Nevertheless various logins from one user onto numerous systems with different IPs and at the same point in time could look suspicious. All logs from servers, network devices, applications and other central facilities have to be analysed centrally and correlated with the results from intrusion detection systems. By the means of network data analysis as well as log analysis it is monitored, which data volumes are transferred in the organisation and for example copied from the network onto laptops or directly to USB hard drives or USB sticks.
In addition, wide-ranging organisational security measures are “must haves” for law firms. Access privileges and access possibilities for employees have to be restricted, access to client data on servers has to be monitored, server data needs to be encrypted, policies stipulated and continuously monitored. Reliability checks by employees of all hierarchy levels as well as their handling of accessible data are further indispensable security provisions. A general prohibition for storing data on USB sticks or alerts in case an USB mass storage is plugged in are advisable. The prohibition of cloud uploads (a.o. dropbox) is recommendable at least for defined employee sub groups. Regular training concerning IT security-related issues for raising the awareness across the corporation should be organised.
The effective evaluation of the results generated by the automated tools and the review of implemented organisational security measures requires expert support. Experts do not only analyse data and correctly evaluate it but also configure the tools and adapt them continuously to the environment.
This comprehensive set of highly specialized analyses is offered by managed services providers. The special feature of the portfolio by RadarServices is that data never leaves the organisation of the client, thus highest confidentiality and security is guaranteed.
You must be logged in to post a comment Login