Cyberattacks on networks, systems, data and hardware are extremely common these days, and they skyrocketed in frequency in 2020. Malware, phishing, spyware, DDoS attacks and other forms of digital breaches and data theft are not only frequent but come at a huge cost for the companies affected. According to IBM’s 2020 Cost of a Data Breach Report, most breaches in 2020 involved organizations’ personally identifiable information, and breached data cost businesses on average $150 per compromised record.
A few more figures from the report shed light on the costs that breaches incur:
In sum, data breaches are expensive, and they’re even more expensive the longer it takes you to spot them. Why should you care? This problem is becoming more relevant than ever: Cybercrime has increased around 400 percent amid the coronavirus, with ransomware attacks in particular increasing 800 percent during the pandemic.
In France alone last year, cybercrime increased by 255% compared to 2019. Several companies, including software firm Centreon, which lists Airbus, Air France, Thales, ArcelorMittal, Électricité de France (EDF), Orange and the French Ministry of Justice among its clients, were breached last Monday, and several French hospitals were hit with ransomware attacks within a week. In light of increased hacking activity, the French government announced they are investing 500 million euros to help companies and public authorities boost their cyber defences.
Meanwhile, Microsoft’s president just called December’s hack of software firm SolarWinds targeting the U.S. government the “largest and most sophisticated attack the world has ever seen.”
An effective cybersecurity strategy is paramount for businesses to protect their networks, systems and data from digital attacks. For law firms and legal departments, this means responsibly safeguarding huge amounts of both their own and their clients’ sensitive data. GDPR and other laws further impose this obligation by forcing all organizations that operate in the EU to communicate data breaches, require user consent to process information, and anonymize data for privacy. A security-by-design approach, compliant with the best cybersecurity practices, is the best way for law firms to protect their data. This involves:
Law firms’ access to confidential client data is a valuable commodity, and cybercriminals have taken the increasing use of technology within the legal profession as an opportunity to obtain sensitive personal data. Legal departments should take care to adhere to best practices and implement technological controls within their systems.
It is important, however, that this be paired with a holistic awareness of cybersecurity risks in firms’ governance and culture. According to data collected by IBM, human error is the main cause of 95% of cybersecurity breaches, from accidentally downloading malware to succumbing to a phishing attack or simply not using a strong enough password. Employees are using an increasing number of tools and services that put them at risk of making a mistake. That is why educating employees about different types of threats and how to avoid them is paramount, along with instituting secure technology solutions. Together, these are the best way to mitigate the risk of data breaches that are costly economically, reputationally, and regulatorily for legal professionals.