Beware Of Big Hacking In Biglaw

Is your law firm prestigious enough to be targeted by Russian hackers? Check out this list of almost 50 Biglaw targets.

The hackerIt seems that Russian hackers are every bit as prestige-obsessed as second-year law students going through on-campus interviewing. The nearly 50 law firms targeted by cyber-criminal “Oleras” and his (or her) gang are some of Biglaw’s biggest and best names. If you take the nation’s 15 most prestigious law firms, you’ll see 13 of them on the list of targets.

The missing two? Litigation powerhouses Boies Schiller and Quinn Emanuel, which makes a certain amount of sense. According to the Wall Street Journal and Crain’s Chicago Business, the hackers’ goal was to steal confidential client information for purposes of insider trading. Litigation shops like Boies and Quinn, working on publicly filed cases, just aren’t as tempting targets compared to M&A giants like Skadden and Sullivan & Cromwell, who have advance notice of market-moving mergers.

On the bright side, as we noted earlier today, there’s no indication (yet) that the hackers succeeded, in terms of either obtaining actionable information or trading on it. And also on the bright side, the threat — apparently discovered by cybersecurity firm Flashpoint, and now under investigation by federal authorities — has caused top law firms to review and shore up their cyberdefenses as necessary. Firms are also signing up to join the information-sharing group about cyberthreats formed by Financial Services Information Sharing and Analysis Center (FS-ISAC), which seems like a step in the right direction.

The episode does raise a question, though: why lawyers? They don’t get paid like investment bankers or traders, nor do they get the same kind of glory — movies like The Big Short or The Wolf of Wall Street don’t get made about transactional attorneys, no matter how prestigious their firm or strong their pedigree. So why don’t hackers focus on the Wall Street titans and leave the poor paper-pushing lawyers alone?

One can think of a few possible reasons. First, hackers might see corporate lawyers as the soft underbelly of the financial sector — or, as columnist Keith Lee put it, “a back door to the valuable data of their corporate clients.” Many Wall Street workers are comfortable with math and science and know a thing or two about technology; lawyers, not so much. Many of us (myself included) went to law school because we’re more comfortable working with words than with stats. So attorneys might be, on average, less tech-savvy than Wall Streeters, and therefore more likely to fall for, say, a random phishing email. If a brilliant Harvard Law School professor can fall for a phishing scam, any lawyer can.

Second, compared to the highly regulated financial-servies industry, Biglaw is simply more lax than Wall Street when it comes to internal controls and cyberdefense. Take the trend of preventing lawyers from accessing personal email while at work (a trend many lawyers don’t like, although note this possible solution, a product called Silo by Authentic8). This policy is taking hold only now at law firms, but it has been in place at many Wall Street firms for years (as many of you might know from your friends working at Goldman Sachs or Morgan Stanley).

What can you do to protect yourself and your law firm against cyberthreats? This was a major theme of the recent ABA TECHSHOW conference, which I had the pleasure of attending and presenting at, and I might share some of what I learned in a future post. In the meantime, read the prior posts of Jeff Bennion and Keith Lee for insights and guidance on this important topic.

Sponsored

That’s it for the public service announcement. Is your law firm prestigious enough to be targeted by Russian hackers? Flip to the next page to see if your employer made the list of 48 law firms targeted by the mysterious mastermind “Oleras.”

Sponsored

CRM Banner