Recently, we hosted a webinar ”How Law Firms Are Using Threat Intelligence to Improve Cyber Defenses & Reduce Risk”, in collaboration with the Information Legal Technology Association (ILTA). The webinar featured a panel of cyber experts from the legal services industry that provided perspectives on a range of topics including the most significant cyber risks and challenges facing law firms, how and why law firms are using threat intelligence, and the benefits they get from using ThreatBlockr as part of a layered security approach. In this blog, we will provide the key takeaways from the webinar.
Biggest Cybersecurity Risks and Challenges Facing Law Firms
When asked about the biggest cybersecurity risks and challenges facing law firms, our expert panel identified three high level themes:
1. Continually Increasing Cyber Threats & Risks
The panel was unanimous in their view that the threat landscape for law firms continues to intensify. This is not surprising as law firms represent hubs of information that span many clients making it easier and more lucrative for attackers to target one law firm in an attempt to gain access to valuable information for multiple clients. In addition to ransomware and zero-days being identified as the biggest threats, all of the panelists highlighted end users as representing their biggest risk. As far as what is being done to mitigate these risks, these included end user training, layered security controls, and the use of threat intelligence.
2. Growing Third-Party Pressure From Clients
The second key theme was growing pressure from law firm clients who are looking for law firms to up their cybersecurity games. This is directly related to a significant increase in focus on third-party risk as third party partners have emerged as a growing threat vector over the last few years. Recent events like SolarWinds, Microsoft, and Accellion have only magnified the focus on third-party risk. As a result of this, law firms are not only seeing an increased volume of cybersecurity questionnaires from clients but also an increase in the breadth and depth of information clients are looking for. In order to meet these increasing requirements, law firms are having to better demonstrate that they have proper policies and security controls in place.
3. Lack of Resources a Significant Challenge
Last but not least, a lack of resources was indicated to be a significant challenge. This is not surprising as the majority of the law firms are small and mid-sized firms. Smaller law firms face the same challenges as larger firms but operate with fewer resources. For example, many small and mid-sized firms don’t have the luxury of operating with dedicated security staff. Our panel highlighted several ways they look to overcome this challenge including being smarter and more efficient in their security operations overall, constantly innovating in terms of security technologies being used, focusing on controls that are highly automated, and leveraging outsourced security monitoring from an MSSP.
Law Firms Increasing Their Use of Threat Intelligence
One of the key trends we see here at ThreatBlockr is a significant increase in law firms using threat intelligence. This trend was validated by our expert panel all of which are using threat intelligence in some way shape or form.
When we talk about threat intelligence in this context, we are talking about threat intelligence from multiple sources or what we refer to as multi-source threat intelligence. This is threat intelligence that goes beyond the proprietary threat intelligence that powers many existing security controls like next-generation firewalls. It is threat intelligence from commercial threat intel specialists, open source, government, and industry sources.
As far as the types of threat intel being used, all of the panelists highlighted the ThreatBlockr platform as being a critical component of their threat intelligence strategy and capabilities. The ThreatBlockr platform provides tens of millions of “out-of-the-box” threat indicators from multiple, best-in-class sources.
Panelists also highlighted several other sources of threat intelligence including:
- U.S. Cybersecurity & Infrastructure Agency (CISA) alerts
- CVE databases
- Various threat intel listservs
- Dark Web searches
- Peers – ranging from forums & groups (i.e. monthly CIO meetings) to the use of ISACs/ISAOs like LS-ISAO
The key reason more law firms are using threat intelligence is because there are multiple, tangible benefits, including improving visibility into threats, strengthening cyber defenses, and reducing risk. One of the panelists indicated that “threat intelligence empowers us to make better faster decisions and to amplify their impact.” The use of threat intelligence is also helping law firms address the increasing expectations their clients have related to third-party risk.
How ThreatBlockr is Helping Law Firms Use Threat Intelligence To Strength Defenses & Reduce Risk
With all of our expert panelists being ThreatBlockr customers, this was a great opportunity to hear first hand how our platform is helping them with their security efforts.
Arnall Golden Gregory LLP
The firm learned about ThreatBlockr from AIG, their cyber insurance provider. One of the benefits that AIG provides to qualifying AIG CyberEdge customers is a complimentary ThreatBlockr subscription and a set-top hardware appliance. The firm deployed ThreatBlockr as part of a layered security architecture to block and help protect it from bad actors and malicious IP connections. They are also integrating log data from ThreatBlockr and other sources into Gravwell’s Data Fusion platform in order to detect and monitor threat activity, including ransomware.
Evans & Dixon LLC
Evans & Dixon’s CIO came across ThreatBlockr several years ago at a trade show and was intrigued. The firm had just deployed a brand new next-gen firewall with all the bells and whistles. This was just one part of a layered security approach that also included a secure web gateway, endpoint security, and outsourced security monitoring from an MSSP. While most customers deploy ThreatBlockr in front of their firewall, they wanted to evaluate ThreatBlockr by placing it behind the firewall so they could see what was getting through the firewall. The CIO described the experience as “eye opening” in terms of the visibility into the traffic was getting through the firewall. This included significant probes from China and other countries among other things. After a successful evaluation, the firm deployed the ThreatBlockr platform in front of the firewall in an effort to block the bad traffic before it hit their firewall. ThreatBlockr is now a key component of the firm’s multi-layered security approach.
Wilson Allen provides software and services to law firms and professional services firms. Wilson Allen is using ThreatBlockr internally and is also building a service capability around the platform that it will offer to customers. Wilson Allen’s Director, Infrastructure & Security was intrigued when he first spoke with ThreatBlockr but wanted to evaluate the platform to quantify the value. He described the evaluation as “eye opening” and “mind blowing” in terms of the “sheer amount of connections coming from bad actors vs. legitimate sources.” He pointed to 50% of network connections being denied by ThreatBlockr. He also highlighted several key points of value including the ability to use large volumes of diverse threat intel, ease of use, and a set it and forget it approach.
The webinar and our expert panel reinforced several of the key themes we see here at ThreatBlockr. Cyber threats facing law firms continue to increase. The pressure from law firm clients to “up their security game” continues to increase due to a more intense focus on third-party risk. A lack of resources is a significant challenge when it comes to law firms’ cybersecurity efforts.
The great news is that the panel also demonstrates that law firms are stepping up their cyber efforts and more law firms are using threat intelligence as a means to improve visibility into threats, strengthen cyber defenses, and reduce risk. The panel also dispels a threat intelligence myth, which is that you don’t have to be a large, well resourced organization to use threat intelligence.
Watch the on-demand version of How Law Firms Are Using Threat Intelligence to Improve Cyber Defenses and Reduce Risk