The need to protect sensitive business and personal data made the legal industry one of the earliest adopters of Managed Detection and Response technologies, and eSentire's Legal Industry Threat Intelligence Spotlight draws upon the anonymized network traffic from the dozens of law firms within eSentire's 650-plus customer base.
Mark Sangster, VP and Industry Security Strategist, eSentire said: "One key finding from the report reveals that 46% of legal organizations will experience a cybersecurity incident within the next 12 months. This high incident rate occurs even as law firms continue to improve their overall cybersecurity hygiene and are considered one of the more mature industries in protecting client assets from cyber criminals. This improved posture has resulted in firms having a lower incident rate for nuisance cyberattacks when compared to other industries, such as healthcare, manufacturing and energy."
This trend comes at a time when ILTA research shows that while firms are beginning to embrace emerging technologies, funding for security and general employee training is starting to wane. This combination is especially dangerous as cyber criminals are increasingly using exploitations focused on internal systems and cloud services. A fundamental lack of employee training leaves firms vulnerable to exploits and breaches caused by unintentional user errors, misconfiguration of security and privacy controls, and exploitation through phishing campaigns and fake invoices.
Joy Rush, CEO, ILTA said: "The more legal professionals know about the cyberthreats targeting the legal industry, the better decisions they are able to make about their cybersecurity priorities. By publishing anonymized, cybersecurity incident data from legal organizations, reports like the Threat Intelligence Spotlight on the Legal Industry have helped to create invaluable resources for any legal professional concerned about cybersecurity."
Almost 20% of IT assets in law firms are susceptible to being exploited by a high or critical severity vulnerability
Top internal threats come from email or drive-by downloads, with unique lures that mimic Adobe Cloud services and American Express credit products that cater to high net-worth individuals and frequent travelers
MalDocs remain dangerous by leveraging Microsoft macros to deliver malware that collects credentials, logs keyboard inputs and captures screenshots
About eSentire: eSentire, Inc., the global leader in Managed Detection and Response (MDR), keeps organizations safe from constantly evolving cyber attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $6 trillion AUM in the financial sector alone, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.