Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
Five years ago, at a major legal technology conference in New York City, the topic of cybersecurity was overshadowed by a sea of document management and billing system vendors. eDiscovery captured the lion’s share of attention. Arguing that law firms must address cyberthreats was like telling attendees that the world was about to be invaded by marauding aliens from another galaxy. Then, like the movie “Independence Day,” cyberthreats arrived and hovered over law firms, preparing for a global assault.
The attack on Wall Street law firms Cravath, Swaine & Moore LLP and Weil, Gotshal & Manges LLP demonstrated how stolen FDA fillings and press releases could be used to make millions of dollars in illegal stock trades. The Paradise Papers and Panama Papers demonstrated that hackers could monetize or weaponize even innocuous tax law files. Ransomware attacks collected a pirate’s bounty in payments, cost a small fortune in lost billable hours and did untold damage to many firms’ reputations. Today, ransoms are morphing into extortion as hackers demand payment to avoid exposure of damaging information. Even nation state actors target law firms, finding it easy to access their lucrative clients or working in retaliation for political actions, as demonstrated in the case studies below.
The risk to law firms is apparent. In October 2018, the American Bar Association (ABA) issued a Formal Opinion, expanding on Rule 1.4. Formal Opinion 483 references a “duty of competence,” an “obligation to monitor for a data breach” and the necessity to “stop the breach” and “determine what occurred.” The duty to competence explicitly references a 2012 modification to Rule 1.1 that obligates law practitioners to understand the risks of the technology they use.
As the nexus of the global economy, the legal community establishes and interprets legislation, shepherds’ mergers and acquisitions, drives patent and files intellectual property claims. This myriad of highly profitable, confidential information ensures law firms will remain a preferred cybercriminal target. In fact, eSentire data shows law firms are one of the top five industries targeted by cybercriminals. Various reporting agencies find similar results with law firms accounting for almost 10 percent of breaches.
As an industry, law firms have improved their overall cybersecurity practices, which has resulted in a lower than average amount of nuisance cyberattacks as compared to other industries such as healthcare, manufacturing and energy. Legal and IT practitioners no longer smirk with disbelief when they hear about elaborate cyberattacks on their counterparts. Now discussions center on ways to reduce risk, advanced measures of performance and bringing all levels of a firm into training, incident simulations and board-level planning.
eSentire’s security analysts are pitted against smash-and-grab thugs, criminal cartels and nation state actors. Every year, eSentire Security Operations Center (SOC) teams analyze billions of indicators of compromise to identify real threats and contain attacks before they disrupt our clients’ businesses. This mission critical data contains a trove of enlightening trends and patterns that can be used to identify top vulnerabilities, popular attack vectors and tradecraft used by cybercriminals.
In law enforcement parlance, “means, motives and opportunities” should frame the tenants of your cybersecurity program. Knowing your adversaries’ capabilities helps focus priorities. Identifying their opportunities flags your security gaps or vulnerabilities. And, of course, knowing their motives highlights what assets they seek and which ones you must protect.
Today we are releasing our inaugural Threat Intelligence Spotlight on the Legal Industry, a report that provides a wealth of information that law firms can leverage to reduce their cyber risk profile. The report explores the most common malware, top vulnerabilities and phishing lures used to infiltrate law firms. As the expression goes: “A wise person gets more use from his enemies than a fool from his friends.” This report provides a focused exploration of the actions of your adversaries, along with actionable recommendations to improve your ability to protect your clients and reputation.
The full report can be downloaded here: https://www.esentire.com/resource-library/2019-legal-threat-report/
Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.
eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.