Law Firms are Raising the Bar on Cybersecurity

Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity partners to help detect, investigate, and contain potential breach activity, including support for incident response and digital forensics. An important requirement of many law firms is maintaining control over alert and log data. Thanks to increased cloud adoption, law firms have better options. Those include services like Azure Lighthouse within Azure Cloud that can serve as core components to a broader zero-trust security architecture. As a leading cybersecurity provider, BlueVoyant's detection and response architecture align directly with these access control requirements. Our unique approach to using Microsoft technology within a law firm's environment is made possible by cloud technologies, such as Azure Lighthouse, that facilitate granular role-based and auditable access control. This design keeps all raw log data, detection content, workbooks, dashboards, playbooks, and data connectors in our client's Azure tenant where they maintain Global Admin. That is also valuable for our customers developing security expertise. Their security teams can operate alongside BlueVoyant experts in a co-managed model. Acquiring or controlling sensitive data is often the goal of threat actors targeting law firms and is usually related to specific clients or ongoing casework. Achieving access or maliciously encrypting data related to mergers and acquisitions or potential litigation can be directly damaging to the law firm and the client's business interests and valuable to the right buyer. Merger and acquisition data, financial information, and business records. An increasing number of law firms are standardizing on Microsoft M365 productivity and collaboration tools. Rapid advancements in Microsoft security technologies, like Defender, Entra, and Purview, can effectively govern sensitive data, detect threat actors - and have been welcomed by the legal industry. BlueVoyant leverages signals and telemetry from these Microsoft technologies extensively in our Managed Detection and Response services to help identify access attempts before they can become a data breach. BlueVoyant also recommends that law firms build toward industry-standard security frameworks and controls, such as Center for Internet Security benchmarks, which can help to minimize organizational attack surface and opportunities for threat actors to gain access to networks. About 83% of respondents say they've taken steps to assess their cyber risk, and 69% have invested in cybersecurity solutions to mitigate risk. Unlike most other types of insurance, cyber insurance is difficult because threats are highly unpredictable, and there is little historical data available about threat trends. MDR providers, incident response teams, and law firms work as one to demonstrate compliance and help assess risk. Teaming with MDR providers to demonstrate a lower risk security posture to your insurer or broker can help law firms achieve their required coverage at a manageable cost. BlueVoyant has collaborated with Microsoft to document the deployment, configuration, and management of M365 Defender tools in specific client environments, Thereby confirming a heightened security posture with ongoing expert oversight. BlueVoyant is recognized as a preferred cybersecurity vendor for many leading global insurers and brokers and is on over 20 insurance company panels. Coupled tightly with cyber insurance are considerations around Digital Forensics and Incident Response, including incident response planning. Incident Response includes hunt operations, containment, and eradication of persistent threat actors within a network. Cloud-native digital forensics, investigations, digital evidence gathering, chain of custody and secure evidence storage in the client environment help identify and analyze current and past threats. DFIR includes legal testimony that supports the client all the way to the courtroom. A recent Pulse-Report by BlueVoyant on cybersecurity challenges facing all businesses reveals that budget constraints are at the top of the list, followed by too many false positive alerts and the complexity of dealing with a high number of vendors and technologies. Security tool sprawl is a well-known issue to CISOs, with integration being a substantial resource draw on engineering teams. Threat detection fidelity, automation, and orchestration are also limited, causing security experts to waste their time on false positives and manually closing routine security incidents that could be automated. When security analysts need to wade through logs and alerts without clear metrics and limited intelligence, contextual data, or correlation, it's difficult to identify meaningful patterns, threat routes, and infiltration across an organization's entire digital estate. Our experience has shown that as firms move increasingly to the cloud, attention paid to data governance, security value, and detection methodology at the beginning of a project will pay dividends in the form of more manageable costs over time. Log data generation, collection, analysis, and retention are classic examples of cloud costs being highly variable unless a plan is in place before migration. Cybersecurity partnerships can reduce costs and resource constraints for SOC operations. Many law firms are turning to BlueVoyant MDR to improve their cybersecurity posture. At BlueVoyant, achieving a mature security posture is more than just analyzing alerts - it's about becoming an extension of our customer's IT and security teams. BlueVoyant MDR is essential in helping law firms remain secure, protect their client data, and be compliant. We also help our law firm clients control their security data and offer services beyond MDR, including digital forensics, incident response, and litigation support. 2022 Advisen-Zurich survey illuminates growing cybersecurity concerns Retrieved Jan. 11, 2022 from https://www. Htmlost of a data breach report 2022 of a data breach report 2022.

This Cyber News was published on www.bluevoyant.com. Publication date: Wed, 01 Feb 2023 14:34:02 +0000


Cyber News related to Law Firms are Raising the Bar on Cybersecurity

Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
1 year ago Darkreading.com
How Cybersecurity for Law Firms has Changed - The public nature of the legal system makes law firms particularly vulnerable to a growing number of cybersecurity risks. Law firms have unique access to highly confidential client information and as a result, face a growing number of federal, ...
11 months ago Securityboulevard.com
Law Firms are Raising the Bar on Cybersecurity - Corresponding with recent increases in threat actor activity in the legal industry, law firms are investing more time and attention in modernizing security operations. Both midsize and large law firms are increasingly engaging with cybersecurity ...
1 year ago Bluevoyant.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
11 months ago Securityzap.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
5 months ago Techtarget.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
10 months ago Legal.thomsonreuters.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
11 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
1 year ago Securityzap.com
A Comprehensive Look at the Financial Firms in European Union and Their Rules on Cloud-Based Services - Today's technology has opened up a world of possibilities for financial firms, especially with cloud-based services. Financial institutions are now able to access a great deal of information over the internet in an efficient and timely manner. ...
1 year ago Tripwire.com
Cyberattackers leaked data of 27,000 NYC Bar Association membersers - The New York City Bar Association confirmed that the data of more than 27,000 members and employees was leaked during a cyberattack nearly a year ago. In filings with regulators in Maine and Vermont, the organization said an investigation completed ...
1 year ago Therecord.media
Why Cybersecurity Businesses Need a Real-Time Collaboration Tool - When the Cybercrime in a Pandemic World study was released in late 2021, the report noted that cybersecurity threats had risen 81% since the coronavirus raised its ugly head. It was a time of restrictive lockdowns, stay-at-home orders, and mask ...
1 year ago Hackread.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Digital Learning Tools for Cybersecurity Education - In the field of cybersecurity education, digital learning tools have become indispensable. This article explores various digital learning tools tailored specifically to cybersecurity education. These digital learning tools play a crucial role in ...
11 months ago Securityzap.com
What the cybersecurity workforce can expect in 2024 - For cybersecurity professionals, 2023 was a mixed bag of opportunities and concerns. The good news is that the number of people in cybersecurity jobs has reached its highest number ever: 5.5 million, according to the 2023 ISC2 Global Workforce Study. ...
11 months ago Securityintelligence.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
10 months ago Securityzap.com
How to Avoid Falling Below the Cybersecurity Poverty Line - The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy ...
1 year ago Csoonline.com
Gamification in Cybersecurity Education - Gamification has become increasingly prevalent in numerous domains, including cybersecurity education. Gamification presents a promising approach to meet this challenge, making cybersecurity education both effective and enjoyable. One way to ...
11 months ago Securityzap.com
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
11 months ago Bleepingcomputer.com
Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
11 months ago Darkreading.com
Key cybersecurity skills gap statistics you should be aware of - As the sophistication and frequency of cyber threats continue to escalate, the demand for skilled cybersecurity professionals has never been bigger. The skills gap is not merely a statistical discrepancy; it represents a substantial vulnerability in ...
11 months ago Helpnetsecurity.com
Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data - For the past year, EFF has been sounding the alarm about police in California illegally sharing drivers' location data with anti-abortion states, putting abortion seekers and providers at risk of prosecution. We thus applaud the Sacramento County ...
5 months ago Eff.org
Cybersecurity Workshops for Students - Cybersecurity workshops for students serve as an effective means to educate and empower the younger generation in protecting their digital assets. With proper planning and organization, cybersecurity workshops enable students to navigate the digital ...
11 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)