One of the biggest mistakes that small companies make is thinking that they’re not significant enough to be a target for cybersecurity breaches. While multi-billion dollar corporations have long been at the top of hackers’ hit lists, as attacks have increased, so have companies’ implementations of countermeasures. Penetrating the systems of major corporations is now a much bigger challenge than it once was.
Not surprisingly, cybercriminals have responded by shifting their focus to smaller companies. The reasoning is simple – small businesses still have valuable confidential data, but typically have far fewer cybersecurity protections in place, making them easier targets. They also often work with the large corporations that are becoming increasingly difficult to penetrate directly. Hacking into the smaller companies can offer a back way into the larger ones.
Small and mid-size companies frequently lack the cybersecurity protections that major corporations have been forced to implement, partly due to a lack of resources, and partly due to the aforementioned belief that they’re simply too insignificant for hackers to bother with. Unfortunately, the hackers have caught on to this.
The reality is that hackers are opportunistic and will look to make money wherever they can. What matters most to them is not so much the size of your operation, but how easy it is to penetrate it. Ten easy small targets can quickly surpass the value of one huge target that will take tremendous time and effort to attack.
Implications for Law Firms
As we’ve seen in the past year, law firms have increasingly become targets for sophisticated cyber attacks. Like their corporate counterparts, led by the financial sector, law firms have been investing in security measures to prevent hacks when data is stored within their own networks. This will force hackers to try to find a different way in, and there’s no reason to think the trend that has played out in financial institutions won’t move over to the law firm arena. Hackers will likely switch their focus to softer targets in the hope of gaining access to the bigger players. For big law firms, this means third-party vendors are prime targets.
Many vendors that work with law firms are much smaller companies with far fewer cybersecurity countermeasures in place. Nonetheless, they typically have a high level of access to the firm’s confidential information and systems. The combination of low security and high access makes vendors a potential windfall for hackers looking to obtain sensitive law firm data.
The takeaway for law firms is that they need to invest in serious vetting of vendors before granting them access to systems, networks, and data. Too often, firms fail to devote the same level of diligence to ensuring the security of their vendors as they do to their own people. In a world where hackers are looking for any way in, such a failure could be fatal to the firm’s cybersecurity. Even the best internal countermeasures in the world won’t help if you’re opening yourself up to potential hacks via your third-party vendors.