Estimated reading time: 2 minutes, 49 seconds

Legal Industry Braces for Impact of Growing Ransomware Threat

Ransomware attacks have dominated the news cycle as hits on notable targets like the Colonial Pipeline have caused major disruptions around the nation and the world. As such, in order to bolster the security of the lawyer-client pipeline, the American Bar Association (ABA) Cybersecurity Legal Task Force has updated and republished its cybersecurity best-practices checklist, the trade association announced recently.

To help protect attorneys and those they serve, the ABA’s cybersecurity task force released the Vendor Contracting Project: Cybersecurity Checklist, Second Edition—an update to the 2016 version—to assist lawyers negotiating vendor contracts on behalf of clients.

“The updated checklist provides guidance in plain language for those solo and small-firm lawyers advising clients who need to incorporate cybersecurity protections in their contracts with third-party vendors,” said Claudia Rast, co-chair of the task force, in a statement. “It gives lawyers insight into the potential threats and vulnerabilities when negotiating with third-party suppliers, both on behalf of their clients and themselves.”

According to the ABA, third-party vendor attacks are difficult to sniff out and mitigate. In 2016, notes the group, Target was attacked via stolen credentials used to access its gateway server. In order to pull off the attack, the cybercriminals targeted the retailer’s HVAC vendor, and the case was eventually settled for $18.5 million, according to the ABA.

From Twitter:

The New York Times @nytimes May 29

"Once, criminals had to trick people into handing over passwords. Now, virtually anyone can obtain ransomware and load it into a compromised computer system with the help of YouTube tutorials and groups like DarkSide. The New York Times got an inside look."

Ransomware attacks are designed to lock users out of computer systems until they pony up the “ransom” needed to unlock the system. This could mean major headaches for legal services providers. “The cybersecurity threat landscape is constantly evolving, and it’s crucial for lawyers to stay current on the latest methods used by hackers,” according to the ABA. “The checklist covers vendor selection, including how to conduct a risk management assessment of potential vendors to identify risks and vulnerabilities. It also covers contract preparation with customizable sample contracts and vendor management best practices.”

Biden smile 5621670 640Recent cybersecurity attacks have prompted President Joe Biden to issue an executive order aimed at bolstering the national response to such attacks, which could have major impacts on both infrastructure and security. “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors,” according to the President’s order. “The Federal Government must also carefully examine what occurred during any major cyber incident and apply lessons learned.”

Biden added that the government alone cannot withstand the threats from cyber criminals facing the country. In order to win that war, he argues, a joint effort between the public and private sectors must be forged.

“ … cybersecurity requires more than government action. Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace,” reads the order.

Read 247 times
Rate this item
(0 votes)

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.