A few weeks ago we wrote in one of our blogs, cyber-security-lessons-for-law-firms “….for law firms the safety and security of their own and clients’ data is not only a legal and compliance requirement, it is also essential to their….survival.”
This is a question worth considering because the reasons behind the hacking of law firms can serve to better illustrate the security needs peculiar to law firms.
Take the example of New York law firms Cravath Swaine & Moore and Weil Gotshal & Manges. According to reports in the Wall Street Journal and Fortune during 2016 both these prestigious firms were hacked in an insider-trading scheme that involved planned mergers. The motive was clear, financial gain. And what better way to get information about future corporate mergers than to target firms active in the M&A market. Both firms it should be said denied that there was evidence of anyone benefiting from the hack although they did not deny that there had been a hack.
In 2012 Bloomberg reported that Wiley Rein, one of the largest law firms in Washington, DC was hacked – reputedly by Byzantine Candor, linked to the Chinese People’s Liberation Army. Of course accusations of cyber attacks by nation states are easy to make but harder to prove. At around the same time twenty other companies including nine law firms were hacked by the same or linked groups. The motive was apparently industrial espionage and the reason these specific law firms were targeted is instructive to consider.
All the law firms hacked were engaged in activities relating to China: pursuing trade claims on behalf of US firms against Chinese exporters or acting on behalf of oil & gas companies drilling or bidding for drilling rights in seas near or claimed by China. In the case of Wiley Rain the firm was acting on behalf of SolarWorld which at that time was also hacked by the same group (Byzantine Candor). Why?
SolarWorld was scaling up for mass production of Passivated Emitter Rear Contact (PERC) solar cells, one of the first manufacturers in the world to do. At the same time they were fighting a trade case against the importation of solar cells from China citing unfair competition. Engineering and other IP was stolen and coincidentally a Chinese solar cell manufacturer brought a PERC solar array to the market 18 months before they were expected to do so.
Well, the reason is simple. Even a mid-sized law firm can have in its files all the information needed by someone wishing to profit from merger and acquisition, from bidding for drilling rights, for copyright or intellectual property, planning changes and rezoning.
For any sizeable business the law firm used will probably have access to sensitive information about your company. For hackers seeking industrial secrets those law firms which specialise in Intellectual Property are a prime target. But all law firms are an attractive target for hackers.
When you are thinking about security for your law firm consider that Microsoft spends over $1 billion each year on cybersecurity and have been doing so since 2015 if not earlier. Most of this cybersecurity budget goes on innovation – not just on salaries or other running costs.
If you would like to speak with a Microsoft partner that understands service and the capability of the Microsoft Cloud then please contact our sales team on