eSentire Report: 46 Percent of Legal Organizations to Experience a Cybersecurity Incident in the Next Year
eSentire and Ilta Release the Legal Industry’s First Dedicated Threat Report
eSentire, Inc., the global leader in Managed Detection and Response (MDR), in collaboration with the International Legal Technology Association (ILTA), announced the release of the inaugural Threat Intelligence Spotlight on the Legal Industry.
The need to protect sensitive business and personal data made the legal industry one of the earliest adopters of Managed Detection and Response technologies, and eSentire’s Legal Industry Threat Intelligence Spotlight draws upon the anonymized network traffic from the dozens of law firms within eSentire’s 650-plus customer base.
Mark Sangster, VP and Industry Security Strategist, eSentire said: “One key finding from the report reveals that 46% of legal organizations will experience a cybersecurity incident within the next 12 months. This high incident rate occurs even as law firms continue to improve their overall cybersecurity hygiene and are considered one of the more mature industries in protecting client assets from cyber criminals. This improved posture has resulted in firms having a lower incident rate for nuisance cyberattacks when compared to other industries, such as healthcare, manufacturing and energy.”
This trend comes at a time when ILTA research shows that while firms are beginning to embrace emerging technologies, funding for security and general employee training is starting to wane. This combination is especially dangerous as cyber criminals are increasingly using exploitations focused on internal systems and cloud services. A fundamental lack of employee training leaves firms vulnerable to exploits and breaches caused by unintentional user errors, misconfiguration of security and privacy controls, and exploitation through phishing campaigns and fake invoices.
Joy Rush, CEO, ILTA said: “The more legal professionals know about the cyberthreats targeting the legal industry, the better decisions they are able to make about their cybersecurity priorities. By publishing anonymized, cybersecurity incident data from legal organizations, reports like the Threat Intelligence Spotlight on the Legal Industry have helped to create invaluable resources for any legal professional concerned about cybersecurity.”
Additional findings from the Threat Intelligence Spotlight on the Legal Industry include:
- Almost 20% of IT assets in law firms are susceptible to being exploited by a high or critical severity vulnerability
- Top internal threats come from email or drive-by downloads, with unique lures that mimic Adobe Cloud services and American Express credit products that cater to high net-worth individuals and frequent travelers
- MalDocs remain dangerous by leveraging Microsoft macros to deliver malware that collects credentials, logs keyboard inputs and captures screenshots