IBM estimates that businesses are attacked online an average of 16,856 times per year or 46 attacks per business per day. Of these, about two hackers are able to successfully slip through firewalls and past antivirus software in any given week.
In the case of U.S. v Hong et al, the motivation was clearly financial. Three Chinese citizens have been charged with trading on confidential corporate information which they obtained by hacking into law firms’ computer networks and targeting partners working on mergers and acquisitions. Their known gain was upwards of four million dollars.
In the words of U.S. Attorney Preet Bharara, “This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world: you are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
Perimeter defenses, intrusion detection and other state-of-the-art software and network tools are eventually going to be common place at law firms of all sizes. Even when they are, some very simple protocols will help to prevent this type of exfiltration of sensitive client M&A/securities data. And the good news is that these protocols can be instituted now.
Here are a few of them: