The most significant danger to law firms is not targeted attacks, but the everyday attacks that everybody is experiencing. The difference is that a law firm’s cybersecurity breach can substantially impact the firm and its client. Medical histories, relationship details, financial records, trade secrets, and more are all stored with lawyers.
Widespread generic and sophisticated targeted attacks are common within the legal industry. Both affect small and Big Law. But the traditional hierarchy in these large firms is the inverse of the threat that hit them. In this case, attackers don’t go after the top of the law firm pyramid— the named partners. Instead, non-lawyer professionals are a bigger target—sometimes because they have root-level access to many systems. A legal secretary will have access to her email and those of the lawyers she supports. A paralegal can access knowledge libraries, case files, and client documents. IT professionals will have administrative software privileges broader than the managing partner. Law firms need to consider cybersecurity from the bottom up in their staffing.