New Report: Cybersecurity In The Legal Sector

Cyber criminals are constantly looking for new ways to gain access to sensitive information, trade secrets, or intellectual property held by companies with strong security measures. When those organizations are well defended, that information can be difficult to reach directly, so attackers go through a third party instead. One of the most direct connections to this information is the legal industry, which is frequently overlooked when it comes to cybersecurity analysis.

Download The Full Report: Exploring Data Security In The Legal Sector & Beyond

Interestingly, BitSight researchers studied the Security Ratings of six major industries—finance, legal, retail, health care, energy/utilities, and government—over the last 12 months and found that the legal sector generally has high Security Ratings and has performed well as an industry. When compared to the other industries examined, BitSight found that companies in the legal sector have low rates of vulnerabilities that could lead to man-in-the-middle attacks.

Despite these findings, the industry remains a key target for cyber criminals. For example, retail and legal were found to have very similar Security Ratings, with retailers seemingly appearing in more cyber breach headlines. This suggests that the legal sector may be exposed to vulnerabilities similar to those in retail and could become more of a target for cyber criminals. Additionally, Cisco listed legal as a vertical at risk of malware attacks as part of its 2015 Annual Security Report.

Notable Legal Industry Breaches

Cyberattacks have already taken place on some of the largest law firms representing numerous Wall Street banks and Fortune 500 companies. A major breach could cause catastrophic harm to the firm's business and reputation (and to its clients'), and there can be serious implications for insider trading, mergers, and acquisitions. Thus, cybersecurity for law firms is becoming a critically important topic. Consider these noteworthy legal industry breaches and events.

In 2012, Coca-Cola attempted a $2.4 billion acquisition of the Huiyuan Juice Group and was subsequently breached by a hacker collective known as the Comment Group. This group has been known for stealing intellectual property and trade secrets from patent law firms and investment banks. Three days after Coca-Cola was notified of the breach, the deal fell apart.

In early 2016, the International Consortium of Investigative Journalists (ICIJ) released the financial and attorney-client information of more than 214,000 offshore entities created by Panamanian law firm Mossack Fonseca. The documents (widely known as the "Panama Papers") revealed that many shell corporations were used for illegal purposes, such as fraud and tax evasion. The data covered nearly 40 years and named various world leaders and businesses. Thousands of files leaked through a breached email server and impacted hundreds of people and companies. This breach demonstrates the magnitude and the widespread impact that a cyber breach could have across various industries.

Also in early 2016, the FBI put out a Private Industry Notification regarding the possibility of an attack on multiple international law firms. As a result of these rising threats, organizations across all industries are beginning to audit and require security assessments from their legal service providers. According to Michael Overly, a partner at Foley & Lardner who focuses on cybersecurity issues, "clients are now routinely sending security due diligence questionnaires to their counsel to assess the security preparedness of their firms."

Potential Legal Sector Compromises & Vulnerabilities

Botnets have plagued information security teams for decades. Cyber criminals use botnets to compromise machines, send spam emails, or launch DDoS (distributed denial-of-service) attacks—all aimed at disrupting data confidentiality, integrity, or availability.

For example, the Mirai botnet was recently used in a DDoS attack on Dyn, a DNS (Domain Name System) provider. The attack, which occurred on October 21, 2016, lasted several hours and disrupted service on popular websites like Twitter, Spotify, Amazon, the New York Times, and many others. The impact of attacks like these can be substantial, especially for companies that rely on web traffic to operate. BitSight monitored the number of Mirai infections across the world on the day that Dyn was attacked and discovered a large number of Mirai infections across Latin America and Asia, which highlights the widespread reach of machine compromises. Today, cybercriminals are leveraging Mirai and other machine compromises for additional attacks. Recently, more than 900,000 Deutsche Telekom customers were knocked offline after their routers were infected with Mirai.

Large machine compromises have the potential to severely disrupt normal business operations for many companies. BitSight researchers analyzed the prevalence of machine compromises across each industry in this report. A common type of machine compromise found was Conficker, which specifically targets Windows operating systems. Another type of botnet to watch for is Bedep, which is most typically spread via malvertisements (online advertisements capable of infecting a user's computer with malware). Bedep uses heavy encryption and Microsoft file properties to avoid detection, then connects as many victim machines as possible to carry out larger attacks. To improve cybersecurity for law firms, lawyers and other employees should be particularly careful about the websites they visit and the emails they receive, as these may expose them to online ads infected with Bedep.

To find out if you may be at risk of a botnet infection—and what you should do about it—take a look at this BitSight Insights report.

SSL/TLS Vulnerabilities

SSL vulnerabilities can provide criminals with the ability to perform man-in-the-middle attacks or extract sensitive information. Heartbleed, for example, is an OpenSSL vulnerability discovered in 2014. At the time of disclosure, it impacted roughly half a million of the internet's web servers using certificates issued by trusted certificate authorities. DROWN is another major SSL vulnerability that can allow hackers to steal usernames and passwords, credit card numbers, emails, instant messages, and other data.

BitSight researchers examined the number of organizations that exhibited major SSL/TLS vulnerabilities (including Heartbleed, DROWN, POODLE, and Logjam) and discovered that nearly 80% of organizations across all industries examined are vulnerable to Logjam or POODLE. They also found that companies in the legal sector had some of the lowest rates of SSL/TLS vulnerabilities. Although the findings may paint legal as a high-performing industry, it is important to note that many organizations in the legal sector remain vulnerable to attacks. In fact, researchers found that more than 60% of companies in the legal industry were vulnerable to DROWN.

You now have a better understanding of the legal industry’s Security Ratings, notable breaches, and potential compromises that could impact cybersecurity for law firms. With all of this in mind, it’s time to take action.

Download the complete (and free) BitSight Insights report to find:

  • The cybersecurity performance of the legal sector compared to six other industries.
  • Five critical recommendations for cybersecurity for law firms.
  • How the cybersecurity posture of the legal sector has changed over time.
  • Whether the legal industry’s security performance should raise concerns for information security teams.