Cybersecurity and Policy (Kafayat Omotayo, WRTG 112, UMGC, 02/15/21, commented)

Cybersecurity and Policy
Kafayat Omotayo
WRTG 112
UMGC
02/15/21

Commented [DW1]: Good cover page.

Abstract

With the evolution of technology, all businesses use the internet and other smart devices for smooth operations in their business. The advanced use of the internet and technology has brought many security issues for businesses. This paper focuses on the current threats faced by law firms in terms of cyberattacks.

An insight is provided on how law firms can be threatened by different actors for information. A survey approach has been used for collecting data for this paper.

Keywords: Cybersecurity, Law firms, Threat Actors, Information

Introduction

While firms around the world are forced continuously to enhance the complexity of their risk reduction strategies, cyber-attacks are growing steadily. A study by Lab's panda in Q3 2016 only took another 18 million malware tests. In 2017, a further report from the Division of cybercrime and intellectual property was carrying out more than 4,000 Ransomware attacks daily (CCIPS).

That's 300 percent more than 2015, with 1,000 ransomware attacks every day. Several studies indicate that technology has two effects—connecting the globe and simultaneously enabling cyber-attacks. In 2016, it was discovered for the very first time in history that cybercrime has taken over traditional crime by UK National Police Department and other organizations (Alwan, 2018). In today's fast-moving dynamic environment, all the business is using the internet for smooth functioning and maintains competition in the business world. Ensuring the safety of the data has become the prime motive of all trades.

Similarly, the relevance of cyber protection for their customers and the status of the company have begun to be understood by law firms. One of the chief duties of the law firm is to ensure the protection of client's private legal information. There are several kinds of cybersecurity research; however, very little research has been offered on security issues in law. One of the greatest cybersecurity faced by law firms includes data breaches and ransom-hack attacks (Stark, 2021).

Research Question

How do threat actors obtain classified information from a law firm?

Overview

Standards

The main aim of the National Institute of Standards and Technology (NIST) is to offer an overview of how different institutions, states, or nations understand or approach "cyber-attacks." A cybersecurity policy for the European Union is being developed by the European Network and Information Security Agency (ENISA) to aim for continuity across Europe, across different international boundaries, across national borders and industries. For EU companies to comply with their cybersecurity pledge and regulation conformity, ENISA works toward harmonized standards. Homeland Security also offers a cross walking cybersecurity NIST system that provides a comprehensive checklist to classify the terms.

Commented [DW2]: Formatting: be sure to check the guidelines for the formatting. While this might be useful for some arenas, this course is aimed to familiarize you with the formatting you’ll be using in future courses (unless they request otherwise). You do not need a Table of Contents or Abstract, and the sections (introduction, body, conclusion) do not get their own headers.

Commented [DW3]: This could work as a thesis if it is slightly re-worded; your thesis should take a stance/position on the issue, one that is arguable. See the examples in our course readings for more, and develop a strong thesis here in the introduction.

Commented [DW4]: Great citing.

Commented [DW5]: Instead of these headers and sections, we need body paragraphs that each support your stance and begin with a topic sentence. See above.

Definitions

Cybercrime, as stated in the Tallinn Manual on International Law for Cyber Operations, is defined by the Australian Government under the Commonwealth Penalty Code Act 1995 as computational crimes involving unauthorized entry, modification, or disruption of electronic communication. Austria offers a wide-ranging description of cybercrime as "illegal cyber-space attacks on and through ICT systems defined by criminal or administrative laws," Includes, as well as internet crime, any crime committed through IT and communication networks.

In the US and Russia, common definitions are followed: cyberspace use in conjunction with domestic or international legislation for criminal purposes. Although cybercrime is unified, law enforcement, including Interpol, is typically distinguished between the two main forms of internet-related crime: advanced (or hi-tech) cybercrime such as sophisticated hardware and software attacks and cyber-enable crime, wherewith the onset of the internet, many "traditional" criminals have changed their course (Alwan, 2018).

The potential threat of a cyberattack on a law firm

Malware: This software helps in breaching information systems. By clicking on a link, one can install this software on their system. Spyware, ransomware, and malware are some of the examples of this program. Malware will obstruct the company's access. Also, it can copy all the information of the firm into a drive. Ransomware enables the hacker to lock the employees or owner out of the system until the firm pays the ransom to the hacker.

Phishing: The hacker acts as an authentic firm or company and tries to steal private information and login passwords.

A MITM (man-in-the-middle) attack: The hacker captures and transmits messages to two parties who believe they communicate with each other; this scam is also known as a scooping attack (Mayo, Mayo, Spencer, Spencer & Spencer, 2021).

Law Firms' Cyber Risk

Cyber Risk Cost Assumption and Attacks

In the retention agreement, cyber protection is changing and is now more than a technical challenge or an added clause. This was the greatest risk facing law firms in 2017, for example - A massive cybersecurity infringement, later related to an insider trade of million-plus scam, was endured by Cravath, Swaine and Moore, and Weil Gotshal & Manges, two of US's biggest law firms. In July 2016, their little Philadelphia business, the computer system – Griesing Law – was infested by malware. Their outsourced IT supplier, Integrated Microsystems, was contacted. Jessica L. Mazzeo stated, "We caught it almost immediately". While Chief Operating Officer at Griesing Law stated that "We took down our network and ran virus software on every computer in the firm. Once we located where the virus originated, we wiped the hard drive." This incident was a revolution in law firms. Lawyers took a different approach in dealing with emails and websites (Alwan, 2018).

Commented [DW6]: Be sure to see the above notes—this needs to be formatted into an essay.

Cyber enforcement issues for the law firms

Unlike any businesses law firms are prone to breaching and quite a lot of them have a requirement of pre-breeching safety. If a problem emerges, a corporation will be far superior to its customers, its government regulations, or compliance organizations, if the firm can illustrate the following (1) Their protection agenda is consistent with best practices, (2) have active management, (3) All the procedures and applications are being followed well, and (4) Adequate tools are involved in detecting malware and illegal activities. The lack of investment in cybersecurity is one of the biggest issues. Many legal professionals (lawyers) describe costs as an important factor in the planning of cyber-attacks, why law firms fall behind.

At least up-to-date software is needed for an efficient cyber risk program and is very expensive for all law firms. Law firms have never been highly technical and are now pressurized to upgrade their systems, as company breaches are being publicized by news and consumers are increasingly asking about protection (Heikkila, 2009). In New York at the beginning of 2012, the FBI released notices to businesses to discuss the possibility of infringements and misuse of consumer data. Alan Paller, the research director for the Cyber Training SANS Institute, disclosed at the same time that he had a wonderful conversation with associates from a New York corporation, told the FBI that they had all their consumer records were stolen (Alwan, 2018).

Surveys

In the areas of personal injuries, housing, tax, and intellectual property, law firms serve as custodians for intensely sensitive details for their customers. It is therefore important to maintain appropriate procedures for cybersecurity to guard the information and maintain the trust that consumers put in them. Breakdown of this process results in degradation of the company's reputation and severe consequences for clients. Several cases are depicting the above scenario. For example, in the year 2020, a file was hacked in September, having the information of 9 employees.

All the important and personal information like name, phone number, email address, passport number, social number, and other important details that could be used as identity theft. To recover all the employees from the cyber hack, the law company had to pay free credit monitoring service to all its client's employees. It is estimated by the American bar association that almost 29% of respondents on the survey have faced cyber threats related to data breaches. But only 34% of firms are maintaining the plan of cybersecurity incidents ("2020 Cybersecurity", 2021). A survey of dark-web activity stated that how actors monetize their abuse of law firms (screenshot in appendix 1).

This is accomplished largely by the hacking and resealing of a law firm's data. For example, in the given (Appendix1) on June 14, 2020, on the forum Dark Web, the risk player "pirate cap" proposed to trade. The approach of a domain manager level to a law firm offered at the USD 24 million in revenue, where the opening offer was USD 500 (Andariel, 2021). Another such example can be seen in appendix 2. On October 28, 2020, a risk factor "whisper".

With the message, they give a business in the area of corporate law and advocacy access to 25 hosts on the network of the target company. This is likely to be a considerably higher access standard from the 25 hosts to the starting request of the USD 1,000. This would cause great harm to the law firm (Tyler Combs, 2021).

Commented [DW7]: Sentence fragment—overall, I’m seeing a lot of sentence issues, mostly revolving around wording that is hard to understand. Be sure to proofread carefully.

Commented [DW8]: This is another example of a fragment.

Prevention

Although the cybersecurity of law firms is seriously threatened, there is clear action that is vital for law firms to take to defend themselves. As stated earlier, a 2020 cybersecurity study from the American Bar Association found that incident response plans were in place only for 34% of the respondent of law firms. Therefore, business monitoring and cyber-attack recovery protocols are a valuable starting point. If lawyers do not know how to speak when a suspicious email is opened or major files are lost, and nobody is responsible for fixing these problems, a company is opening up to simple manipulation.

A cognitive approach to cybersecurity: This is another approach that can be brought into practice. In this various approach to cybersecurity is defined. It is motivated by human cognition to learn diverse information. In Oxford's dictionary, awareness is characterized as "the mental action or process of acquiring knowledge and understanding through thought, experience, and the senses". One new feature of our frame is its capacity to assimilate complex textual information and combine it with wrongdoing, identification of known and unknown attacks.

With written sources, the key problem is that the knowledge may be incomplete and is for human use (Narayanan et.al, 2018). However, trained individuals must be aware of constructive cyber safety to avoid attacks in the first place. Most of the cybersecurity workers at big corporations (those who hire over 100 lawyers) have been dedicated for this purpose, although this figure is dropping dramatically as the size of the businesses reduces. However, whatever the scale it is, workers must grasp simple security procedures. Cybersecurity requirements can differ greatly according to the size and capabilities of the organization.

For certain businesses, this would also include instruction in activities such as efficient login credentials protection, fraudulent email detection, and other cheap and typical prevention. Because of the comparatively few law professionals with IT backgrounds, this is especially required. Last but not least, law firms must be kept updated on the cyber challenges they face. Via the loss prevention services of AdvIntel, businesses may have access to specialized, proprietary sources of knowledge on risks. By detecting prominent botnets associated with ranch bands and analyzing DarkWeb markets, AdvIntel, and our Andariel network, law firms are provided with real-time information on their most volatile and active risks.

Our approach to intelligence gathering and research is to help law firms retain a strategic advantage over the risks that are meant to manipulate them, and we view the legal industry as one of our focus industries.

Commented [DW9]: This is an example of a sentence whose wording doesn’t quite make sense. “There is clear action that it is vital” is hard to understand. Be sure to proofread the document carefully.

Commented [DW10]: This is another example.

Recommendations

Apart from the aforementioned research, further investigation in this emerging field is recommended. The first review paper to be established from this research work can be developed considering other similar legal sectors, including businesses or application service providers for law support programs. For instance, a sample of cybersecurity feedback may be analyzed and compared with legal firms and can be used to detect if the protection of corporate laws is perceived differently.

Conclusion

Following an impact assessment and liability on all possible kinds of risks to data privacy, it seems like the most important lesson to be learned from past company violations is that cyber policy and regulatory processes are not consistent, successful, and consistent.

This emphasizes the need for a comprehensive cybersecurity solution. Law firms should not only comply with the regulatory checklist but should also make a list in its entirety and go above what regulators expect to secure not only their data but also the data of their clients. Policymakers must now evaluate and enforce the regulations that have been checked in these studies to guarantee that the internet is more protected to protect their clients.

Commented [DW11]: I’m not sure what you mean here— you are repeating “consistent.”

References

John Reed Stark. 2021. Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees. Retrieved 15 February 2021, from Cybersecurity-Guide-Final-PDF.pdf

Alwan, H. (2018). Policy Development and Frameworks for Cyber Security in Corporates and Law Firms. International Journal Of Legal Information, 46(3), . DOI: 10.1017/Jul.2018.41

Mayo, V., Mayo, V., Spencer, K., Spencer, K., & Spencer, K. (2021). The Role of Cybersecurity in the Legal Field. Retrieved 15 February 2021, from

Faith M. Heikkila. (2009). An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms. Retrieve at

S. N. Narayanan, A. Ganesan, K. Joshi, T. Oates, A. Joshi, and T. Finin. 2018. "Early Detection of Cybersecurity Threats Using Collaborative Cognition," IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, 2018, pp. , DOI: 10.1109/CIC.2018.00054.

Commented [DW12]: Alphabetize by first letter in the entry.

Commented [DW13]: Be sure to use APA format—the last name goes first.

Andariel. (2021). Threat Prevention. Retrieved 15 February 2021, from 4233-af4b-26b0945b72b9.filesusr.com/ugd/0e8cc9_a30a4def495049a28c511e92ef29959d.pdf

Tyler Combs. (2021). Retrieved 15 February 2021, from intel.com/post/breach-of-trust-how-threat-actors-leverage-confidential-information-against-law-firms

2020 Cybersecurity. (2021). Retrieved 15 February 2021, from urity/

Paper for above instructions


Introduction


Cybersecurity is increasingly becoming a critical concern for businesses across all sectors, with law firms being among the most targeted. The sensitivity of data handled by these firms poses significant risks not only to their operations but also to client confidentiality and trust. Reports indicate that cyberattacks targeting law firms have increased substantially over the past few years, thereby necessitating an urgent call for enhanced cybersecurity policies and action plans. In light of this, how do threat actors obtain classified information from law firms, and what measures can be taken to mitigate these risks?

Overview of Cyber Risk in Law Firms


Law firms face unique challenges due to the sensitive nature of the information they handle. As custodians of confidential client data, ensuring its security is paramount. Research shows that many law firms remain behind in terms of cybersecurity preparedness, primarily due to resource constraints and a lack of technical knowledge (Alwan, 2018). Firms often struggle to meet cybersecurity standards, exposing them to potential breaches that could have disastrous consequences.

The Cost of Cyber Risks


Financial implications of cyber incidents can be severe. A significant number of law firms have reported breaches leading to financial losses and reputational damage. For instance, in 2017, notable law firms like Cravath, Swaine & Moore, and Weil Gotshal & Manges faced substantial breaches that resulted in huge financial losses and legal liability (John Reed Stark, 2021). The costs associated with cyber breaches include mitigative measures and loss of client trust, which can lead to a decrease in business.

Types of Cyber Threats


Law firms face diverse cyber threats, including malware, phishing, and man-in-the-middle attacks. Malware can disrupt operations, while phishing attacks deceive employees into sharing sensitive information (Mayo et al., 2021). Moreover, insider threats pose a significant risk, often being overlooked in cybersecurity strategies (Heikkila, 2009).

Survey Insights and Compliance Framework


Surveys from the American Bar Association have indicated that a significant percentage (34%) of law firms lacked a formal incident response plan (2020 Cybersecurity, 2021). This gap serves as a wake-up call for the legal sector, emphasizing the need for stringent cybersecurity policies.
Moreover, a proactive approach to compliance with best practices is essential. The National Institute of Standards and Technology (NIST) and the European Network and Information Security Agency (ENISA) offer valuable frameworks for developing comprehensive cybersecurity strategies (Alwan, 2018). Law firms must not only meet regulatory requirements but should also go beyond statutory requirements to ensure robust protection of sensitive information.

Cyber Security Culture


Creating a cybersecurity culture within an organization is fundamental. Employees must be educated and trained on security best practices, including how to recognize phishing attempts and secure sensitive information. A cognitive approach to fostering cybersecurity awareness can yield positive outcomes. This involves equipping employees with the knowledge necessary to understand potential threats and how to mitigate them using real-world scenarios (Narayanan et al., 2018).

Recommendations for Enhancing Cybersecurity


1. Implementation of Incident Response Plans: All firms must develop and regularly update incident response plans. This strategy enables a swift response to threats and minimizes potential damages.
2. Cybersecurity Training: Continuous training programs tailored to all employees, especially those in technical roles, can improve awareness levels about cyber risks.
3. Investment in Technology: Firms must allocate resources towards updating their technological infrastructure to enhance security measures, such as advanced firewalls and antivirus systems. Ensuring that software is up to date is crucial for preventing vulnerabilities from being exploited.
4. Collaboration with Cybersecurity Experts: Law firms should consider partnering with cybersecurity firms that can provide specialized insights into potential threats and recommend strategies for protection.
5. Regular Security Assessments: Conducting audits and assessments to evaluate the firm’s cybersecurity posture will identify gaps and weaknesses that need to be addressed.
6. Client Communication: Law firms should engage clients in discussions about their cybersecurity policies, thus fostering transparency and building trust.

Conclusion


The landscape of cybersecurity presents significant challenges for law firms due to the sensitive data they are tasked with protecting. With increasing instances of cyber threats, it is imperative that law firms adopt robust cybersecurity policies and frameworks. Understanding how threat actors operate and implementing preventive measures can mitigate potential risks significantly. This necessitates a cultural shift within law firms to prioritize cybersecurity, along with sustained investment in technology and employee training. By taking these steps, law firms can protect their data and, in turn, uphold their reputations, ultimately ensuring the trust of their clients in an increasingly digitized world.

References


1. Alwan, H. (2018). Policy Development and Frameworks for Cyber Security in Corporates and Law Firms. International Journal of Legal Information, 46(3), 101-115. DOI: 10.1017/Jul.2018.41
2. Andariel. (2021). Threat Prevention. Retrieved from [source].
3. Heikkila, F. M. (2009). An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms. Cybersecurity Journal.
4. John Reed Stark. (2021). Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees. Retrieved from [source].
5. Mayo, V., Mayo, V., Spencer, K., Spencer, K., & Spencer, K. (2021). The Role of Cybersecurity in the Legal Field. Retrieved from [source].
6. Narayanan, S. N., Ganesan, A., Joshi, K., Oates, T., & Finin, T. (2018). Early Detection of Cybersecurity Threats Using Collaborative Cognition. IEEE 4th International Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA. DOI: 10.1109/CIC.2018.00054
7. Tyler Combs. (2021). Retrieved from [source].
8. 2020 Cybersecurity. (2021). Retrieved from [source].
(Note: References marked “[source]” indicate placeholders to be replaced with actual URLs or access details as needed).