Misery loves company, you could say, but when you are the guardian at the gate, this may be company you don’t want to keep. In “Highlights of Verizon’s 2019 Data Breach Investigations Report,” Sharon Nelson takes on and highlights Verizon’s most recent survey. In short, the news is not good for anyone in general, and for professionals in particular.
The Verizon Report is based on 41,686 security incidents. Of those many thousands, 2,013 were verifiable and confirmed data breaches, Nelson relates, with the intrusions breaking down as follows:
- 69% involved outsiders
- 39% involved organized criminals
- 34% involved internal parties (think disgruntled employees)
- 23% involved nation-state hostiles
- 5% implicated partners
The types of attacks were quite predictable but also alarming, because the types reveal the nature and source of the vulnerabilities. More than half (52%) derived from hacks, a third from social attacks, a bit over a quarter also involved malware, while 21% came from human error, and 15% from unauthorized users. Obviously, several of the categories overlapped.
Small businesses were the largest group of victims (43%), followed by the public sector (16%), healthcare (15%), and then financial groups (10%).
What caught our attention were Nelson’s takeaways, because these are the specific pain points for the legal profession and their clients. The big one was: “C-level executives were 12 times more likely to be the target of social incidents and 9 times more likely to be the target of social breaches than they previously were,” and ransomware, which has been of deep concern to law firms, “is still going strong, accounting for nearly 24% of incidents where malware was used…”
Independently digging deeper into the Verizon Report, we discovered that the Verizon authors widely urged professionals to “Use actionable intelligence to strengthen your security… As security threats and attackers constantly evolve, Information Security professionals may feel attackers are outpacing efforts to stop them. But security professionals and business leaders have powerful tools of their own to deploy against bad actors…”
As the Report states, “The most important defense is knowledge. By gaining perspective, insight and understanding of the threats they face, organizations can take crucial steps to mitigate them.” Law firms and legal departments can no longer afford to be followers, constantly playing catch-up.
The Report confirms what we all know, that “The stakes are high, with organizations’ data, customer base, proprietary business information and trade secrets vulnerable to attacks. Data breaches continue to threaten organizational reputations and finances. But security professionals have the power to meet these challenges.” And that is the power that must be embraced, especially with regard to sensitive and privileged information.
In our opinion, the biggest takeaway from Ms. Nelson’s post and the Verizon Report is that legal professionals can no longer sit on the sidelines expecting someone else to protect them. They must become knowledgeable about and accountable for their own security, and employ tools that will proactively protect their clients’ and their own sensitive information.