Law firms forming cybersecurity alliance

April 10, 2015 Arctic Wolf Networks

Law firms in both the U.S. and the United Kingdom are planning to come together and form an alliance. This alliance will allow them to share valuable cybersecurity information with each other to prevent and be better prepared for future cyber attacks.The 12 law firm's collaboration will be done with assistance from the Financial Services Information Sharing and Analysis Center (FS-ISAC), which is used by the financial industry to discuss cyberthreats.

The alliance will include top law firms like Sullivan & Cromwell, Debevoise & Plimpton, Paul Weiss Rifkind Wharton & Garrison, Allen & Overy and Linklaters in its early stages, but is expected to include another dozen or so immediately following its introduction around two months from now. The plan is for the alliance to allow the included law firms to have a way to conveniently discuss cybersecurity methods like weak spots in the infrastructure or recent methods that are being used to target them by hackers.

Law firms have already been doing so through the use of emails since around 2010. This new alliance seeks to improve on that method. 

With the assistance of FS-ISAC, law firms will be following the lead of financial institutions. Once involved, after paying a $10,000 annual fee, law firms will be provided with an option to submit information anonymously as to not to over-share information about the inner workings of their firm.

"We strongly endorse the cooperation of law firms and financial institutions to promote better cybersecurity and recognize this is an important issue for the [financial and legal] industry," says John Evangelakos, a partner at Sullivan & Cromwell. 

According to FS-ISAC CEO Bill Nelson, a conference was being held when the 12 law firms came and announced that they were interested in doing something similar. Although law firms aren't eligible for membership into FS-ISAC, the independent offshoot that is the newly created alliance will be able to benefit from the relationship. 

A symbiotic relationship
The law and finance industries occupy a lot of the same spaces. They often have to work with each other to accomplish their own goals. So the assistance being given to law firms by financial institutions isn't surprising, especially since they'll both benefit from the move. 

There are many times that documents and valuable information are kept in the presumably secure hands of law firms and financial institutions. But a cybersecurity breach can put this all at risk. For example, the breach that affected JP Morgan Chase in December 2014 that compromised information from 76 million homes and 7 million small businesses were all the result of a neglected server, according to the New York Times. 

Also in 2014, McKenna Long & Aldridge dealt with a breach when one of its servers was used for "malicious an unauthorized access" to the personal information of former and current employees that ranged from home addresses to Social Security numbers. 

By providing a means for law firms to share information about cybersecurity, with the assistance of the financial industry, everyone involved is taking the right measures to prepare for potential attacks. 

Concerns
Many people have concerns over this alliance between law firms and what it could mean regarding the sharing of information. The biggest concern is that everyone, firms and financial institutions alike, could be put in jeopardy if one firm's cybersecurity is compromised after they've all been concerned. 

Other concerns to note are questions as to where firms will get the funds to join the alliance and pay for latest upgrades in cybersecurity as well as law firms being used as "back doors" by hackers. 

Boris Segalis, the U.S. co-chairman of Norton Rose Fulbright's data protection and privacy practice,has expressed concerns about the future of information sharing amongst law firms. For starters, the benefits of the alliance have to be weighed against the cost of resources used to keep it in good standing. Firms also could access the same information they'll be gaining from each other through an information sharing system from first-hand sources like cybersecurity specialists or the FBI. 

Taking the threat of cybersecurity breaches seriously is something that can benefit all businesses. By coming together and building an open line of communication in regards to cybersecurity is a good start. But to really be in the best position to ward off cyberattacks, they'll need to adopt a managed SIEM solution in the future.

Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.

 

Previous Article
Law firm cybersecurity on trial

Many law firms may be woefully unprepared to defend their networks. Here's how a SOC can help.

No More Articles

Ready to see Arctic Wolf in action?

Schedule a Demo