Joint Research Highlights Disconnect Between Legal IT and Recommended Cybersecurity Practices
CHATTANOOGA, Tenn. and CHICAGO, June 6, 2023 /PRNewswire/ — Law firms store some of the most sensitive information available regarding material business transactions, intellectual property, Personally Identifiable Information (PII) and other personal data. Because of the importance of their role in protecting data, the International Legal Technology Association (ILTA) and Conversant Group, an innovative provider of “Secure First” infrastructure and cybersecurity services, today announced the release of a joint cybersecurity research report titled “Security at Issue: State of Cybersecurity in Law Firms.” The report presents findings of ILTA’s first industry-wide benchmarking survey on cybersecurity practices in global law firms, conducted in collaboration with Conversant Group, providing a rare glimpse into the vertical sector’s security practices. The survey was targeted specifically at understanding law firms’ cybersecurity controls, tools, practices and assumptions to determine how their cyber defenses could be improved.
“Because law firms are a top target of global threat actors and tactics like ransomware, ILTA recognized the need for a more in-depth, focused cybersecurity benchmarking survey beyond the ILTA technology-focused survey already being issued annually,” said Mark Grazman, Conversant president and ILTA Technology Survey volunteer member. “This focused survey goes much deeper into law firms’ security practices and posture, and it will enhance the industry-wide conversation about improving law firm cybersecurity and resilience given their high level of targeting and risk.”
According to the American Bar Association, nearly a third of law firms surveyed reported a breach within 2021, and 36% reported past malware infections. While law firms are in the crosshairs of threat actors, Conversant and ILTA’s data shows only ~15% of law firms felt they had security gaps (while over double that number have endured some form of breach).
“The data shows that legal IT staff suffer from both a definitional and paradigm problem,” said John A. Smith, CEO of Conversant Group. “IT leaders understand terms, definitions and concepts differently, and while no survey instrument can fully capture those nuances, the data shows that there are gaps in understanding what it means to be secure.” Examples of this are shown in the survey data below.
- Nearly three-quarters of respondents believed they were more or much more secure than their industry peers; yet the detailed results demonstrated significant security gaps across firms of all sizes.
- Sixty-five percent of responding firms state they have lateral movement defenses in place; yet the data did not demonstrate that multi-factor authentication (MFA) was employed as comprehensively as required to constitute lateral movement defenses.
- When asked about the top three threats to security, the top response (39%) was user behavior and lack of training to prevent this harmful behavior, rather than any threat actor activities. The data reflected that firms, on average, were not implementing controls that are needed to mitigate user risk, which would put greater control of user risk in IT’s hands.
- Backups are not viewed as a top security control—at firms’ peril. Only 11% viewed backups as a top control, and only 24% reported having multiple immutable copies of all data to protect against total loss.
- Large to very large firms demonstrate more mature security programs than their smaller peers through established proactive testing, dedicated security staffing, formalized change processes, etc. Yet, the report concluded they could still improve their security through a more layered approach to security across people, process and technology, rather than a focus on compliance.
“The key results we see from this survey show clearly that, without policy and procedure, firms are making security optional, left in the hands of users that are not technologically competent or trained enough to know how to be safe in a world that is both ever-changing and harder to innovate in without risk,” said Beth Anne Stuebe, Director of Publications and Press, ILTA.
Read Report Executive Summary: State of Cybersecurity in Law Firms Report – Conversant Group
Download the Full Report: https://www.iltanet.org/resources/publications/surveys/security23
About Conversant Group
Conversant Group is changing the IT services paradigm with our relentless focus on “Secure First” managed services, IT infrastructure and consulting. Conversant has been a thought leader for over 14 years helping over 500 customers and entire industries get answers to the security questions they may not even know to ask. We are the world’s first civilian cybersecurity force, with three time-tested battalions:
Fenix24 / Ransomware rapid response, remediation and recovery
Athena7 / IT security assessments, strategy and planning
Grypho5 / Ongoing, security-based management
Learn more at ConversantGroup.com.
The International Legal Technology Association (ILTA) serves the professional needs of more than 25,000 international legal technology professionals and their organizations. Since its founding in 1980, the association’s focus is to achieve results for our membership and the legal technology profession at large. Much of the value we provide as an association occurs through the coordinated efforts with our global volunteer membership teams.
Conversant Group Media Contact:
Lindsay Smith, Director of Content Marketing
ILTA Media Contact:
Beth Anne Stuebe, Director of Publications and Press
SOURCE Conversant Group; The International Legal Technology Association (ILTA)