What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Aug 17, 2022
Increase in Observations of Socgholish Malware
THE THREAT Starting in early August 2022 and continuing through the month, eSentire identified a significant increase in Socgholish (aka. FakeUpdates) malware incidents. Socgholish is a loader type…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Sep 20, 2022
eSentire Recognized as Top Global MDR Provider by MSSP Alert, CrowdStrike and G2
Waterloo, ON - September 21, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), celebrated multiple industry recognitions as the leading global MDR provider, over the last week: Named #9, and the top pure play MDR provider on MSSP Alert’s Top 250 MSSPs global rankingRecognized as the CrowdStrike 2022 Global MSSP Partner of the Year Earned G2’s industry-renowned status…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Sep 13, 2018

Law firms: you can't buy yourself out of risk

3 minutes read
Speak With A Security Expert Now

While no amount of insurance can protect your reputation, you also can’t buy yourself out of the cyber risks that threaten your reputation either. eSentire recently conducted research with 1,250 senior IT and security executives across financial, healthcare, legal, manufacturing, telecommunications, and other industries to gauge their risk tolerance, security maturity, and top threats.

The sample included more than 160 law firm executives (from medium to large firms), and we found that law firms were among some of the highest spenders on security yet were susceptible to some of the most common risks. And the issue will grow over the coming years as the demands of the business drive the adoption of emerging technologies, such as cloud and Artificial Intelligence (AI).

Law Firms’ Overall Spend on Security Is Among the Highest

Law firms rival their much larger counterparts, telecom companies, when it comes to security spend as a percentage of IT spend. Lowest of any industry, non-firms reported spending less than 5% on security. Only 21% of firms spent between 5-10%; whereas 40% spent 11-30%, and 29% spent up to half of their IT budget on security. It’s a good news, bad news scenario. The good news is law firms have awoken to the threat of cyber-attacks, the potential consequences and are responding with a commitment to security efforts.

Law Firms Are Most Susceptible to Common Security Risks

And now the bad news. Most law firms report that they are susceptible to common security risks and demonstrating table stakes security efforts. Approximately 60% of law firms struggle to manage both malware and non-malware born attacks, leading to significant IT or business impacts. What’s worse, the same percentage of firms struggle to bear the growing cost of security efforts, manage and report the status of security risks and patching, and fail to demonstrate the value of IT spend to senior management. A further 58% report difficulties complying with clients or regulators or aligning to risk management requirements.

The Cycle of Despair

The research identified a cycle of despair across all industry segments tied to the gravitational struggle between the demands of the business and the desire to manage risks. The IT department is caught between the demand to remain competitive through the adoption of emerging technology yet held accountable when that technology leads to a security event that causes a material change to the business. The attorneys want new technology, and the partners don’t want the associated risk.

Within the cycle, specific contributing factors were identified. Risk was increased by how aggressively firms adopted emerging technologies, such as cloud services, IoT, and AI. These risks were reduced by the overall security maturity posture of the firms, adoption of security technology and services, awareness and understanding of cyber risks at the executive level, and to some degree, the reporting and spending structure of security efforts.

Law Firms Are Amongst the Least Cyber Mature

What constitutes cyber maturity is certainly the contentious issue, but less mature firms were those that reported using basic preventative technologies, such as firewall, anti-virus, lacked integrated reporting, and threat response capabilities. Remember, these are self-reporting ratings of the respondents. Above other industries, nearly 70% of law firms only employ preventative technologies, and worse, only 5% have deployed more proactive and predicted security measures to rapidly detect and contain attacks.

Only 27% of law firms deployed endpoint security compared to over double that for all other industries. Mobile, cloud, and logging lag around the same percentage.

The effect is compounded, because this rudimentary approach limits law firms’ ability to deploy emerging technologies that carry greater risk. Across the board, businesses that reported a higher security maturity level were faster to adopt new technologies, such as mobile, cloud, IoT and AI. Let’s be honest, calling many of these technologies “emerging” is like calling the Internet a “fad.” They are already here, burrowed into our digital DNA, and here to stay. For example, nearly 80% of firms have adopted some form of cloud services. They might not have grey hair, but they are not adolescent either.

Over the next three years, AI was consistently selected, across all industry verticals, as one of the top three technologies that will pose the most risk to enterprises. IoT was also selected, across five of the seven verticals included in our study as a leading security risk.

Whether It Be Money, Time or Heart, Spend Wisely

Invest your time and money wisely in ways that matter. You can’t throw money at the problem, and certainly most law firms I’ve worked with hold their purse strings closely. Spend wisely and focus on what matters. Applying a strategic approach to security means you improve your posture, which increases your ability to adapt to new technologies and deliver the services that your law firm needs to remain competitive.

Join 100,000+ Security Leaders

Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.

By clicking the button below I confirm that I have read and agree to the eSentire privacy policy.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.