1) The document discusses cybersecurity risks faced by legal firms and recommends adopting security intelligence tools to help detect threats faster through improved monitoring. It outlines key threat vectors like mergers and acquisitions targeting, insider threats, phishing emails, and disgruntled employees.
2) Specific threats are detailed, like the FIN4 group monitoring legal firms for financial gain from M&A insights. Insider threats from file sharing or email are also risks. Monitoring tools can help detect anomalous user behavior or policy violations.
3) The document recommends a security intelligence approach using analytics to gain visibility across systems and detect threats in hours rather than days to help reduce costs from cyber incidents. Case studies show these tools improving detection and
“Cyber Liability & Cyber Insurance” - A discussion on best practices around Prevention, Detection, and Response!
Sponsored by Datto and Webster Bank
Series brought to you by the Connecticut Technology Council.
____________
TOPIC FOCUS:
1. Evolution and acceptance of Cybersecurity insurance
a. Understanding risk & effect on businesses
i. Used to be major brands, now widespread.
ii. Risk recognized, business leaders looking to minimize risk
b. Describing changes in cybersecurity insurance
How coverages have evolved - not just for biggest companies
i. Insurers are working with (tech) companies to get it right
ii. Where is it going from here? Trends, specialty insurance
2. Describe insurance types/ specifics and how they perform when needed
. Not all policies are the same
a. What to look for
b. How they vary by type of business (Healthcare vs. Retail vs. Software Co.)
c. What gaps still remain (What can’t get covered?)
3. How to minimize cost, get most value for your company
. Some protections on your current policies
a. Gating elements - What the insurance companies want to see - how that might help costs
4. Best practices generally
Event report from Cyber Security roundtable discussions held in 5 cities: Manila on 31 August 2016, Jakarta 6 October 2016, Kuala Lumpur 21 October 2016, Singapore 27 October 2016 and Hong Kong 11 November 2016. Organised by CIO Academy Asia and its partner Fortinet.
Data breach events result in significant losses each year. Our partners at Bonahoom & Bobilya, LLC, created a presentation about understanding the hidden regulatory risks of a data breach so you can keep your company from going out of business.
This presentation has been shared with permission.
This presentation examines to what extent that cyber-insurance can be a useful tool to manage the risks and harms caused by massive cyber-attacks from the national as opposed to enterprise standpoint,
Shaping Your Future in Banking Cybersecurity – Dawn Yankeelov
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
IT Executive Guide to Security Intelligence – thinkASG
Transitioning from log management and SIEM to comprehensive security intelligence.
This white paper discusses the increasing need for organizations to maintain comprehensive and cost-effective information security, and describes the integrated set of solutions provided by the IBM QRadar Security Intelligence Platform designed to help achieve total security intelligence.
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Cyber 101: An introduction to privileged access management – seadeloitte
Gartner has named privileged access management the #1 cyber security priority for organisations. But what exactly does privileged access management entail?
In this report we share our insight on the recruitment of cyber security professionals including information regarding the key drivers in the cyber security market, permanent and contract recruitment trends, transferable skills, the top job titles, salaries and qualifications analysis, a heat map of skills demands/talent pools across the UK, concluding with recommendations on attracting and retaining cyber security talent.
We found that while cyber security was named as the topmost future tech adoption for organizations in 2019, cyber security is now the second tech priority for 2021 but with a higher budget than previously allocated. We also discovered that cloud security currently holds more importance with CISOs, CTOs and CIOs than data security and privacy.
Cyber Liability - Insurance Risk Management and Preparation – Eric Reehl
See how Adaptive Solutions is delivering leading cyber risk management solutions through its strategic alliance with Willis Towers Watson and Darklight Technologies.
Security - intelligence - maturity-model-ciso-whitepaper – CMR WORLD TECH
A Time of Great Risk: The Time Between Compromise and Mitigation
In most organizations today, threat detection is based on various security sensors that attempt to look for anomalous behavior or for known signatures of malicious activity. These sensors include firewalls, intrusion detection/prevention systems (IDS/IPS), application gateways, anti- virus/anti-malware, endpoint protection, and more. They operate at and provide visibility into all layers of the IT stack.
Ways To Protect Your Company From Cybercrime – thinkwithniche
The Federal Bureau of Investigation (FBI) saw a 217 percent increase in cybercrime reporting between 2008 and 2021. Last year, losses reached almost $7 billion. This is due to a highly skilled cyber-threat supply network that empowers threat actors with limited know-how and limited resources to put personal, economic, and national security at risk.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Understanding the Biggest Cybersecurity Threats for Businesses Today.pdf – VLink Inc
"Understanding the Biggest Cybersecurity Threats for Businesses Today.pdf" provides a comprehensive overview of contemporary cyber dangers confronting businesses. Delving into evolving tactics like ransomware, phishing, and data breaches, it equips readers with vital insights and strategies to safeguard their enterprises from digital threats in an increasingly interconnected world.
https://www.vlinkinfo.com/blog/biggest-cybersecurity-threats/
Cybersecurity Risk Management for Financial Institutions – Sarah Cirelli
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
Cyber security is the body of technologies and processes that protect networks, computers, data and programs from unauthorized access, cyber threats, attacks or damage.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Intelligence-Driven Fraud Prevention
This RSA white paper discusses the need for new, intelligence-based approaches to manage fraud across digital channels.
What CIOs Need To Tell Their Boards About Cyber Security – Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Cyber Research Proposal
Cybersecurity in business
Introduction
Because of today's international economy, securing a company's intellectual property, financial information, and good name is critical for the company's long-term survival and growth. However, with the rise in risks and cyber vulnerability, most businesses find it difficult to keep up with the competition. Since their inception, most companies have reported 16% fraud, 37.7% financial losses, and an average of over 11% share value loss, according to data compiled by the US security. Most corporations and governments are working hard to keep their customers and residents safe from harm. There are both physical and cybersecurity risks involved with these threats. According to a recent study, many company owners aren't aware of the full scope of cybersecurity. People who own their businesses must deal with various issues daily.
Nevertheless, steps are being taken to address these issues. Customers and the company are likely to be protected by the measures adopted. Cybersecurity is one of the most pressing issues facing organizations today. Leaks of a company's intellectual property and other secrets may have devastating effects on its operations, as competitors and rivals will do all in their power to stop them. is an excellent illustration of this. This is perhaps the most talked-about security compromise of the year [footnoteRef:3]. The firm was severely damaged because of this. [1: "Database security attacks and control methods."] [2: "Comprehending the IoT cyber threat landscape: A data dimensionality reduction technique to infer and characterize Internet-scale IoT probing campaigns."] [3: "The Equifax data breach: What CPAs and firms need to know now."]
Some individuals take advantage of clients by stealing highly important information to profit financially from their actions. For example, if the wrong individuals get their hands on your credit card information, you're in serious trouble since you might lose money. Some families lose all their resources, while others are forced to declare bankruptcy after being financially stable for a long period. Many of the findings of this study will be focused on cybersecurity and the sources of cybersecurity risks. The paper outlines a few of the issues and solutions that organizations may use to keep their operations and consumers safe from exploitation by dishonest individuals.
Research question
According to the most recent study, more than 1500 companies have been exposed to some cybersecurity assault[footnoteRef:4]. This research details the specific types of attacks that have occurred. Organizational operations are affected, as is corporate governance, and the internal management of financial status is rendered ineffective due to these assaults. The question that will be investigated during the study is: [4: "Towards blockchain-based identity and access management for internet of things in enterprises."]
How doe ...
LogRhythm Reducing cyber risk in the legal sector Whitepaper
How legal firms can adopt best practice through the adoption of security intelligence tools.
Authors: Mark Baker and Tom Salmon
Contributor: Derry Murphy
Reducing cyber risk in the legal sector – The blurred boundaries of trust
WWW.LOGRHYTHM.COM
This paper aims to discuss and explore the high-level threat vectors the legal sector faces and then looks into a more granular inspection on key areas of vulnerability and mitigation options.
Contents
• Executive summary
• High-level threat vectors (criminal & ideological)
»» Mergers & acquisitions
–– Know your clients, what do they do and how could someone get a competitive advantage with that information.
»» Reputational damage
»» Insider threat
–– Document management systems
–– Cloud storage
–– File & print servers
–– Leave policy
»» Outsider threat
–– Phishing emails
–– FIN4 malware
–– Social media
• Best practice – applying security intelligence & monitoring risk
Reducing cyber risk in the legal sector
THREAT INSIGHT
INFO@LOGRHYTHM.COM PAGE 1
Executive summary
Legal firms operate on a trust basis; it’s the cornerstone of their business. If that essential duty of care to their clients is broken, the consequences can be far reaching. A recent survey conducted by Oxford Economics and Ponemon stated that of the firms who had experienced a loss of commercially sensitive data, 61% said that this resulted in a loss of competitive advantage.
In recent years, the playground where criminals are operating has changed. They’re going undetected and operating passively, leveraging insight into critical information for financial gain or to tarnish reputations. FireEye’s recent publication on the ‘FIN4’ group² sheds light on how criminals are passively monitoring legal counsels that have key insight into mergers & acquisitions in order to gain a financial advantage on stocks or on the future of firms’ acquisitions.
The trustworthiness of internal employees has also become harder to monitor as the boundary of the network has become blurred, coupled with the emergence of “shadow IT” and the increase in cloud-based file sharing. While cloud-based services can help streamline operations, they can limit the ability of already resource-constrained IT security teams to monitor legitimate usage. Therefore, more creative solutions, in line with legal responsibilities, have to be employed.
This paper examines the top five use-cases for centralised monitoring within the legal sector, in order to reduce cyber risk through quicker detection and response. It examines why security intelligence solutions provide the best of breed for monitoring multiple silos of information and how legal IT security teams can leverage their existing investments in point-based security technologies in order to gain valuable insight into malicious activity, while also streamlining operations.
Defining cyber risk
Cyber risk isn’t just one particular risk; it varies based on the value and sensitivity of intellectual property and external/internal attack vectors, but for legal firms it’s predominantly client information that is of high value to criminals or ideological attackers. The primary impacts on legal firms are reputational damage, business interruption, cyber extortion and loss of competitive advantage.
It’s important to remember that the shift of the risk curve represents an ongoing trend. Very high-impact risks will become increasingly frequent, forcing us to become better at protecting assets and devising creative solutions to mitigate risks.
Translating such impacts to the business has historically been a challenge. However, an illustrative example is shown in fig 1 using a basic risk curve which demonstrates the interconnectivity between the probability of risk occurrence and its potential impact. As the risk curve progresses right to the ‘long tail’ it represents a group of very high impact risks with a low probability of occurrence. The reality for any organisation with resource constraints is the challenge of addressing risks with a high probability of occurrence and a likelihood of high impact.
Historically, the ‘focus zone’ for legal firms looking to reduce their risk exposure had been on just information security, which included investments in anti-virus, SPAM control, spyware, basic perimeter defence etc. But as the threat landscape has evolved - and the frequency of attacks has increased - the focus zone has shifted to include cyber security and risks that historically were deemed unlikely to occur, thus drawing out the focus zone to point 2.
With PwC stating a 66% annual compound growth rate in the number of cyber incidents detected³ and the Office for National Statistics now saying that cybercrime is the most prevalent and prolific threat to UK businesses⁴, the threat landscape has changed and is changing on a daily basis.
This new group of very high-impact risks, commonly referred to as cyber risk, now requires close attention. As illustrated below, cyber security is the sum of efforts invested in addressing cyber risk. This group of risks includes all sorts of scenarios: organisation-specific tailored malware, stolen certificates, spies and informants, exploiting legacy vulnerabilities, attacking third party providers and advanced persistent threats (APTs).
Figure 1: Risk curves (probability vs. impact) for Traditional Security, Information Security and Cyber Security, showing the risk focus zone drawn out from point 1 to point 2.
An introduction into the security intelligence imperative
The best approach to gaining insight and visibility whilst filtering out unnecessary ‘noise’ to the most important threats is through advanced Security Intelligence (SI). Just as Business Intelligence (BI) has helped numerous organisations clear the fog of too many points of seemingly extraneous business data to find previously unknown business opportunities, SI does much the same thing with threat information, enabling organisations to clearly see the threats that matter.
Across the end-to-end threat detection and response process, there are two key metrics organisations should measure and strive to improve: their Mean-Time-to-Detect™ (MTTD™) and Mean-Time-to-Respond™ (MTTR™).
• MTTD is the average amount of time it takes an organisation to discover and qualify those threats that could potentially impact the organisation.
• MTTR is the average amount of time it takes an organisation to fully investigate the threat and mitigate any risk presented.
CISO’s tip
Cyber attacks can get costly if not resolved quickly. Ponemon’s recent study⁴ into the cost of a data breach in the UK showed a positive correlation between time to contain an attack and the associated costs to the organisation. With the average attack lasting 31 days and costing on average £358,796, CISOs now have a local tangible metric to show an ROI for SI tools. If a threat is detected and resolved in hours, the business can see improvement and insight into real-time risk mitigation. The report also found that companies using SI technologies were more efficient in detecting and containing cyber attacks. As a result, these companies enjoyed an average cost saving of more than £1.3 million when compared to companies not deploying SI technologies.
The main objective of SI is to deliver the right information, at the right time, with the appropriate context, to significantly decrease the amount of time it takes to detect and respond to damaging cyber threats; in other words, to significantly improve an organisation’s MTTD and MTTR and thus its ‘cyber risk’ exposure.
Legal specific use-cases
Legal firms find themselves becoming an ever increasing target for cyber threats. The threats, which can emanate internally or externally, are most likely to be from criminal or ideological groups looking to profit from and/or tarnish the reputation of law firms.
1. Challenge – mergers & acquisitions – working on behalf of
In today’s business environment, cyber-criminals are looking to get ahead of the curve by gaining access to sensitive information. For law firms, particularly in the case of the FIN4 group highlighted by FireEye, this means leveraging C-level information for financial gain.
FIN4 group – techniques
Targets: Top executives & legal organisations working on client mergers and acquisitions.
Cyber-criminal example behaviour:
1) Sends out phishing emails containing a specific tracking ID for each target based on their role, such as partner or CEO.
2) The attachment to the phishing email contains a malicious Microsoft Word document. When opened, a number of actions happen:
»» Creates email rules to automatically delete any incoming emails trying to warn about phishing or security.
»» Creates a prompt that looks like the Microsoft Outlook “Please re-enter your login credentials” screen.
»» Stolen credentials are sent to one of a few pre-determined servers.
»» Criminals log in to email servers using the stolen credentials. The source of the login is always hidden using Tor, which is not common business practice.
Solution
User Behaviour Analytics (UBA) helps us discover and respond to the threat of FIN4:
• Monitor Microsoft Exchange email rules for the specific FIN4 rules.
• Monitor network traffic using an application-aware forensic tool to discover connections to implicated servers and hosts.
• Monitor access to public facing services, such as email, from Tor – either from known Tor exit nodes or by application identification of incoming Internet traffic.
• Monitor incoming network requests from specific browser strings always used by the automated tools employed by criminals in the FIN4 network.
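The four monitoring points above map directly onto detection rules. The script below is an added example (not LogRhythm's or FireEye's code) that runs such rules over constructed log lines in a simple key=value format: an Exchange inbox-rule audit event, webmail logins, and firewall connection records. The Tor exit node addresses, the implicated server address, the suspicious user-agent string and the "phishing"/"security" keyword list are placeholders assumed for the example; in a real deployment they would come from the threat-intelligence source and the Tor exit list.

```python
import re

# Keywords the paper says the malicious mail rules filter on (assumed list).
WARNING_KEYWORDS = ("phishing", "security")
# Constructed placeholders (documentation address ranges), not real indicators.
TOR_EXIT_NODES = {"203.0.113.7", "203.0.113.42"}
IMPLICATED_HOSTS = {"198.51.100.23"}
SUSPICIOUS_USER_AGENTS = ("EXAMPLE-FIN4-UA/1.0",)

# Constructed sample events; `log` names the log source that produced them.
SAMPLE_LOGS = [
    'log=exchange user=alice action=New-InboxRule subject_contains="phishing" delete=true',
    'log=exchange user=bob action=New-InboxRule subject_contains="invoice" move_to="Archive"',
    'log=owa user=alice client_ip=203.0.113.7 ua="Mozilla/5.0" result=success',
    'log=owa user=carol client_ip=192.0.2.10 ua="Mozilla/5.0" result=success',
    'log=owa user=dave client_ip=192.0.2.11 ua="EXAMPLE-FIN4-UA/1.0" result=failure',
    'log=firewall client_ip=10.0.0.5 dst_ip=198.51.100.23 dst_port=443 action=allow',
    'log=firewall client_ip=10.0.0.6 dst_ip=192.0.2.50 dst_port=443 action=allow',
]

# key=value pairs; a value is either a double-quoted string or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value line into a dict; quoted values keep their spaces."""
    fields = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def evaluate(fields):
    """Return the names of the FIN4-style rules one parsed record matches."""
    hits = []
    source = fields.get("log")
    if source == "exchange" and fields.get("action") == "New-InboxRule":
        subject = fields.get("subject_contains", "").lower()
        # A rule that silently deletes mail about phishing/security warnings.
        if fields.get("delete") == "true" and any(k in subject for k in WARNING_KEYWORDS):
            hits.append("mail_rule_suppresses_security_warnings")
    if source == "owa":
        # Webmail access arriving via a known Tor exit node.
        if fields.get("client_ip") in TOR_EXIT_NODES:
            hits.append("mail_login_from_tor_exit_node")
        # Browser string tied to the attackers' automated tooling (even on failure).
        if fields.get("ua") in SUSPICIOUS_USER_AGENTS:
            hits.append("known_attacker_user_agent")
    if source == "firewall" and fields.get("dst_ip") in IMPLICATED_HOSTS:
        hits.append("connection_to_implicated_server")
    return hits


def scan(lines):
    """Run every rule over every line; return (subject, rule_name) alert pairs."""
    alerts = []
    for line in lines:
        fields = parse_line(line)
        subject = fields.get("user") or fields.get("client_ip", "?")
        for rule in evaluate(fields):
            alerts.append((subject, rule))
    return alerts


if __name__ == "__main__":
    for subject, rule in scan(SAMPLE_LOGS):
        print(f"ALERT {rule} ({subject})")
```

Each rule is a single indicator; in practice an SI platform would correlate them (the same account creating the mail rule and then logging in over Tor is far stronger evidence than either event alone), and the indicator sets would be refreshed from the threat feed rather than hard-coded.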
Figure 2: The impact of a breach is directly related to MTTD and MTTR
Figure 3: MTTD and MTTR shrink as security intelligence capabilities grow more mature
2. Insider threat
You might think that insider theft, law suits and foreign
espionage were descriptors to Tom Clancy’s next novel,
but these are the facts arising from recent data thefts
from American Superconductor by Sinovel. An American
Superconductor employee in Austria was accused of
stealing valuable software that controls turbines and giving
it to Sinovel Wind Group, a Chinese competitor.
Putting aside the international ramifications of this case,
insider theft is a real factor for any business, particularly
legal firms, based on the nature of their business. It was
highlighted by the Law Firm File Sharing survey1
that
77% of firms rely on a confidentiality statement to secure
communication and nearly half admitted to using free
cloud-based file sharing services such as Dropbox to
transmit privileged information.
Typical methods of exfiltration are USB devices, cloud data
syncing services like Dropbox, self-emailing files to personal
addresses and even printing. In all of these instances the
employee is using technology to perform the theft or leak,
but it is their employment that grants them the access
needed to carry out their activities. In our experience,
business operations and productivity should be of the utmost
importance and security solutions should not be an
impediment to them. Therefore passive monitoring, rather
than prevention, should be adopted initially to highlight
breaches and violations of corporate policy.
Unfortunately, many insider leaks and breaches are
discovered only after the event has occurred, leaving a likely
expensive investigation and potential litigation. Monitoring
insider threat is vital on a CISO’s agenda in order to turn
policy into practice.
The reality for law firms is that without the ability to
know exactly what is happening across your IT estate, and
without understanding what “normal” activity looks like,
you’re behind the curve. Contributing to this are the following:
• No centralised visibility
• Multiple ‘point’ based technologies or
multiple dashboards
• No centralised intelligence
• No holistic analytics applied on large datasets
Understanding the behaviour and activity of users is
key to profiling risk. Organisation-specific profiles pave
the way for minimal false positives and maximum return
on investment.
Figure 4 – LogRhythm Dashboard demonstrating insight into document management system activity
In Figure 4, we can see a clear overview of user activity.
By applying user behaviour analytics we can understand
when one employee moves significantly out of profile –
exporting, printing, changing or downloading large volumes
of data that they should not be accessing on a daily basis.
3. Disgruntled employee
Leaving employees – monitoring best practice
When an employee hands in their notice it is critical to
perform both retroactive analysis and real-time analytics
on their behaviour. Once they show their intent to leave the
business, they must be viewed as potentially more willing
than most to take intellectual property with them.
A good process for leaving employees includes:
• Reviewing at least 30 days of Internet access
  »» Have they uploaded any large files to sharing websites
  such as Dropbox?
  »» Are they regularly using external email accounts such
  as Gmail?
  »» Are they using platforms with integrated file exchange,
  such as Facebook?
• Reviewing DMS and file server activity
  »» Have they accessed an unusually large number of files?
  »» How many times did they access more sensitive and
  critical information before leaving, compared to a
  normal week or to another employee?
• Enabling real-time alerts and daily reports on leaving
employees, covering:
  »» Abnormal increases in access to sensitive data
  »» Unusual working patterns
  »» Use of removable media, file sharing, document
  exchange and large email attachments
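As an added example (not LogRhythm’s code or any product feature), the Python script below applies the leaving-employee review above, and the out-of-profile comparison described under Figure 4, to constructed DMS and proxy log rows: it compares the leaver’s confidential-document access count with the peer mean, flags access outside working hours, and flags large uploads to sharing sites or use of external webmail. The watch-lists, working hours, thresholds and log rows are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample logs, assumed already scoped to the review window (not real data).
# DMS rows: (time, user, document, sensitivity)
DMS_LOG = [
    ("2016-10-03 09:12", "alice", "memo-17", "internal"),
    ("2016-10-03 10:40", "alice", "deal-A/term-sheet", "confidential"),
    ("2016-10-04 11:05", "bob", "deal-A/due-diligence", "confidential"),
    ("2016-10-04 14:30", "bob", "memo-19", "internal"),
    ("2016-10-05 09:01", "carol", "deal-A/term-sheet", "confidential"),
    ("2016-10-05 09:03", "carol", "deal-A/due-diligence", "confidential"),
    ("2016-10-05 09:04", "carol", "deal-B/valuation", "confidential"),
    ("2016-10-05 22:47", "carol", "deal-B/client-list", "confidential"),
    ("2016-10-05 23:02", "carol", "deal-C/merger-plan", "confidential"),
    ("2016-10-06 23:15", "carol", "deal-C/board-minutes", "confidential"),
]
# Proxy rows: (time, user, destination host, bytes uploaded)
PROXY_LOG = [
    ("2016-10-04 12:00", "bob", "dropbox.com", 4_096),
    ("2016-10-05 23:30", "carol", "dropbox.com", 260_000_000),
    ("2016-10-06 08:10", "carol", "mail.google.com", 15_000_000),
]
SHARING_HOSTS = {"dropbox.com", "wetransfer.com"}        # assumed watch-list
EXTERNAL_MAIL = {"mail.google.com", "outlook.live.com"}  # assumed watch-list
WORK_HOURS = range(7, 20)                                # assumed 07:00-19:59

def sensitive_counts(dms_log):
    """Confidential-document accesses per user; the basis for the peer comparison."""
    return Counter(u for _, u, _, s in dms_log if s == "confidential")

def review_leaver(user, dms_log=DMS_LOG, proxy_log=PROXY_LOG, ratio=3.0, upload_mb=50):
    """Findings for a leaving employee, measured against their peers and policy."""
    findings, counts = [], sensitive_counts(dms_log)
    peer_mean = mean([c for u, c in counts.items() if u != user] or [0])
    if counts[user] and counts[user] >= ratio * peer_mean:
        findings.append(f"{counts[user]} confidential accesses vs peer mean {peer_mean:.1f}")
    off_hours = [t for t, u, _, _ in dms_log if u == user
                 and datetime.strptime(t, "%Y-%m-%d %H:%M").hour not in WORK_HOURS]
    if off_hours:
        findings.append(f"{len(off_hours)} document accesses outside working hours")
    for t, u, host, nbytes in proxy_log:
        if u == user and host in SHARING_HOSTS and nbytes >= upload_mb * 1_000_000:
            findings.append(f"{nbytes // 1_000_000} MB uploaded to {host} at {t}")
        elif u == user and host in EXTERNAL_MAIL:
            findings.append(f"external webmail {host} used at {t}")
    return findings
```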
4. Targeted phishing emails
Phishing emails represent a real and significant threat to all
organisations. The legal sector in particular relies heavily
on email for communication internally and with external
parties. Most workers can empathise with the commonly
raised complaint of too many emails coming in.
You may have heard the term whaling. This refers to
sending well-crafted emails to very high value targets such
as partners, CEOs and CFOs (or other highly placed controllers
of finance/payments).
Criminals take advantage of this volume by crafting well written
phishing emails. They hope that, due to the sheer number of
emails received each day, a busy senior executive is less likely
to spot a small spelling error or notice a minor difference in
the sending email address.
Catching phishing emails requires real-time analysis of the
entire email – both the visible message and the invisible
meta-data used by computer systems to route and process
emails around the world. Some of the key indicators present
in phishing emails are:
• HTML links with a different target than the displayed URL
• Emails coming from domains very similar to your
organisation such as connpany.com rather than
company.com - did you notice the double n instead of m?
• Emails with a Reply-To field set to return emails to a
different recipient than the original sender
• Any emails coming from non-trusted email servers
• Emails that have bounced through many relays and
proxies to disguise the original sender
Analysing emails for these traits increases the chances of
catching and stopping phishing attacks before they progress
to an impacting event.
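As an added example (not code from the original paper), the Python function below checks one RFC 5322 message for four of the indicators listed above: a look-alike sender domain, a Reply-To that differs from the From address, an excessive number of Received hops, and an HTML link whose target differs from the displayed URL. The firm’s domain, the hop threshold and the sample message are constructed assumptions; the non-trusted-server check is left out because it needs a sender reputation source.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN, MAX_RELAYS = "company.com", 3  # assumed: the firm's domain; hops beyond which we flag
# Constructed message reproducing the traits listed above (not a real phish).
SAMPLE = """\
Received: from r4.example.net by mx.company.com
Received: from r3.example.net by r4.example.net
Received: from r2.example.net by r3.example.net
Received: from r1.example.net by r2.example.net
From: "Managing Partner" <partner@connpany.com>
Reply-To: partner.office@example.org
Subject: Urgent wire instruction
Content-Type: text/html

<p>Approve the transfer via <a href="http://example.net/login">https://portal.company.com</a></p>
"""

def host(text):
    """Hostname of a URL or bare domain, lower-cased."""
    return (urlparse(text if "://" in text else "http://" + text).hostname or "").lower()

def lookalike(domain, target=ORG_DOMAIN):
    """True when domain equals target only after folding confusable pairs (rn, nn -> m)."""
    folded = domain.replace("rn", "m").replace("nn", "m")
    return domain != target and folded == target

def phishing_indicators(raw=SAMPLE):
    """Return the names of the indicators present in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if lookalike(sender.rsplit("@", 1)[-1]):
        found.append("lookalike sender domain")
    if reply_to and reply_to != sender:
        found.append("reply-to differs from sender")
    if len(msg.get_all("Received", [])) > MAX_RELAYS:
        found.append("excessive relay hops")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:  # demo regex; a production tool should use a real HTML parser
        pairs = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body.get_content(), re.I | re.S)
        if any(re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", t.strip())
               and host(t.strip()) != host(h) for h, t in pairs):
            found.append("link target differs from displayed url")
    return found
```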
Conclusion
CISOs in the legal sector need to be aware of the potential
impact of a broad range of threats. Historical investments in
point-based solutions are becoming less valuable as attacks
evolve and adversaries apply new techniques to disrupt and
damage legal firms.
A key trend for maximising investment in security technology is
centralised monitoring combined with real-time analytics. By
combining these two approaches, law firms can detect a wide
range of threats and respond to them quickly. Reducing cyber
risk involves adopting creative solutions in order to reduce
both frequency and impact. Having a solution in place where
those driving the platform understand the environment in
which they operate is a huge advantage in adapting and
responding to threats targeted at the legal sector in real time.
Those who have outsourced without laying the right log
management foundation will find that their MTTD and MTTR
suffer in two ways: firstly, by adding another silo and
communication layer to their solution, and secondly, through
the risk of that third party not truly understanding the context
of your environment and not adapting to the constant change
of the business.