The legal community now has its own platform for sharing anonymous data on cybersecurity threats. The forum, the Legal Services Information Sharing and Analysis Organization, launched this Wednesday and should help the legal industry collaborate on and avoid security threats.
As we are fond of reminding our readers, cybersecurity threats are a major issue, threatening everyone from adulterers to government workers to adulterous government lawyers. Law firms are no exception. Eighty out of the 100 largest U.S. firms have been hacked over the past four years according to a report by cybersecurity consulting firm Mandiant.
Meet the Newest ISAC
The LS-ISAO joins a growing list of information sharing forums directed at specific industries. (These are typically referred to as ISACs, for Information Sharing and Analysis Centers.) There are ISACs for the aviation, defense, oil and gas, and financial industries, among others. Many of these ISACs are privately founded to share information about cyber and physical security threats, though some, such as Water-ISAC, are mandated by Congress.
This February, President Obama issued an executive order to encourage the creation of private sector cybersecurity information sharing platforms across more industries. Information sharing is also central to new bills seeking to improve the nation's cybersecurity defenses.
The LS-ISAO promises to provide news and analysis about potential and existing cybersecurity threats. It was established with the help of the Financial Services ISAC. It has been communicating with over 180 law firms, according to the New York Law Journal, though there's no word on how many firms have signed on. Membership is open to any firm that's primarily based in the U.S., Canada, or the U.K., for $8000 annually, whether it's a behemoth or a solo practice.
Informing the Perfect Targets
Law firms may be especially vulnerable to hacking. Since law firms deal with sensitive information both personal and financial, they're the "perfect target" according to Bloomberg Businessweek. And, while they've been warned by the FBI of cybersecurity risks since 2009, many firms still haven't adopted sufficient cybersecurity protections, leading to even greater risks.
In other words, even if firms are informed of risks, they may not have the capabilities to defend against them. Cybersecurity consultant Daniel Garrie told the New York Law Journal that, unlike large actors in the financial sector and other industries, many firms don't have resources in place to deal with threats. According to Bloomberg, the current strategy of many firms is simply to pick up cybersecurity insurance -- a great way to guard against losses, but not much of a firewall for keeping hackers out in the first place.