Introduction
The global shift to remote work, sparked by the COVID-19 pandemic, has significantly altered the cybersecurity landscape and presented new challenges for legal professionals and organizations worldwide. This transformation has expanded the attack surfaces available to cybercriminals, as remote working conditions reduce the efficacy of traditional cybersecurity defenses designed for in-office work environments (Pratt, 2022). Organizations have been forced to update policies, procedures, and technical controls to address vulnerabilities associated with remote work, such as unsecured home networks and the use of personal devices for professional tasks (Anant et al., 2020). Furthermore, the pandemic-induced remote work movement necessitates a reassessment of core IT infrastructure, emphasizing the importance of secure connections to company networks, often through virtual private networks and the implementation of approved applications and cybersecurity tools on all devices authorized to access company systems (Coden et al.). For legal professionals, this underscores the importance of guiding their clients through the complexities of compliance with diverse regulatory requirements and implementing robust data protection strategies in this new normal of work.
The New Frontier of Cybersecurity Challenges
With the advent of remote work, the traditional perimeter-based network security model has been upended. One of the primary reasons for this is the decentralization of workspaces, with legal professionals working from homes that are less secure than their office corporate networks. The National Security Agency emphasizes that home networks could become access points for malicious actors, and securing these environments is critical (NSA). The Cybersecurity and Infrastructure Security Agency advises on the importance of adjusting default configurations on home network devices, using strong passwords, running updated antivirus software, and installing network firewalls to defend against external threats (CISA). Organizations must understand that each remote connection represents a potential entry point for cybercriminals, and these vulnerabilities are manifold.
The WFH transition has not only presented new cybersecurity challenges but has also significantly increased the risk of insider threats. A significant portion of these threats stems from non-malicious insiders — employees who, due to a lack of proper training or cybersecurity tools, accidentally cause a security breach. For example, a study found that over half of remote employees have not received updated security policies or guidelines on handling personal identifiable information (PII) since the move to WFH, raising the risk of data mishandling (O'Donnell & O'Donnell). Further compounding the issue is the use of personal devices for work, with 53% of remote employees doing so, often without adequate security measures in place provided by their employers (Cyolo).
The threat also comes from within — disgruntled employees, who, due to various stressors such as job dissatisfaction, financial incentives, or emotional tolls from changes in the work environment, may become malicious insiders. Such individuals now have increased opportunities to exfiltrate sensitive data or engage in other harmful activities due to less direct oversight and potentially reduced access controls. Exemplifying the increased vulnerabilities associated with remote work, the UK Information Commissioner’s Office found that 60% of breaches affecting legal organizations between 2022 and 2023 were perpetrated by insiders (NetDocuments).
The Rise of Identity-Based Threats
The rise in remote work has led to a significant increase in the number of people accessing secure data from off-site locations. This has also created new opportunities for hackers to exploit identity-based cyber threats. Since remote workers often use personal devices and networks that may not be as secure, they are more vulnerable to credential theft and related attacks.
According to the IBM X-Force Threat Intelligence Index 2024, there has been a substantial 71% year-over-year increase in attacks leveraging valid credentials. This trend underscores a strategic shift by threat actors towards methods that prioritize stealth and ease of access over more brute-force tactics. The exploitation of legitimate user identities, seen in equal measure to phishing at 30%, has become the modus operandi for cybercriminals. This method presents a particularly insidious challenge as it exploits the trust inherently granted to verified users, complicating the detection process for organizations and blurring the line between legitimate and unauthorized access.
Compounding this issue, the report indicates a worrying technique shift: a 100% increase in 'Kerberoasting' incidents, an attack method used to breach Microsoft Windows Active Directory credentials. Additionally, the ease with which cybercriminals can now obtain valid credentials—bolstered by an alarming 266% rise in infostealer malware activities—feeds into a larger ecosystem that supports and enhances the dark web's marketplace for stolen identities. The seamless interplay between infostealer malware, credential theft, and subsequent system infiltration forms a nefarious chain, with each link reinforcing the other. These developments emphasize the vital need for organizations to adopt robust identity protections, consistently reassess and audit their security postures, and employ a defense-in-depth strategy to mitigate these ever-evolving cyber risks (IBM)
Impact on Legal Organizations
Law firms, guardians of sensitive client information, are facing an increasing wave of cyberattacks, reflected in a 154% increase in federal data breach class actions over the last year, with lawsuits against law firms citing inadequate security measures to protect data from cyberattacks10. This trend underscores a pressing challenge: firms must navigate the fine line between stringent cybersecurity measures and the operational need for data accessibility. As cyber threats evolve, so too must the legal industry's approach to safeguarding data. The rising number of class action lawsuits serves as a stark reminder of the consequences of failing to do so, urging a reevaluation of cybersecurity protocols to protect against financial, reputational, and legal repercussions (Skolnik et al.).
In safeguarding against cyber threats, legal organizations must recognize the importance of identity verification tools. These tools are pivotal in authenticating the identities of individuals accessing sensitive data, thereby preventing unauthorized access and ensuring that information remains secure. Incorporating such mechanisms forms a crucial component of a comprehensive cybersecurity strategy, bolstering defenses against potential breaches and reinforcing client trust. Additionally, organizations should prioritize strong password policies, employ two-factor authentication, and ensure that their software is regularly updated to mitigate vulnerabilities. To respond to phishing and other malicious activities, regular cybersecurity training for staff members is critical. These measures, when combined, can form a robust defense against the increasingly sophisticated cyber threats targeting the legal industry.
Conclusion
As the remote work paradigm becomes more entrenched, legal organizations find themselves at the nexus of increasing cyber vulnerabilities and heightened legal responsibilities. The dramatic upswing in identity-based threats and insider risks in the legal sphere calls for a rigorous and evolving approach to data protection. Identity verification tools, robust password policies, two-factor authentication, timely software updates, and continuous cybersecurity training constitute the arsenal that legal firms must employ. Furthermore, legal entities should extend their cybersecurity strategies beyond compliance to embrace a culture of security-first thinking, integrating advanced defenses into their operational framework. It is a call to action for companies to not just view data protection as a regulatory checklist but as a fundamental aspect of their strategic vision to fortify their resilience against the cyber onslaught and maintain the sanctity of the client trust bestowed upon them.
References
Pratt, M. K. (2022, August 31). Remote work cybersecurity: 12 risks and how to prevent them. Remote Work. https://www.techtarget.com/searchsecurity/tip/Remote-work-cybersecurity-12-risks-and-how-to-prevent-them
Anant, V., Banerjee, S., Boehm, J., & Li, K. (2020, July 7). A dual cybersecurity mindset for the next normal. McKinsey & Company. https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/a-dual-cybersecurity-mindset-for-the-next-normal
Coden, M., Close, K., Bohmayr, W., Winkler, K., & Thorson, B. (2024, February 22). Managing the cyber risks of remote work. BCG Global. https://www.bcg.com/publications/2020/covid-remote-work-cyber-security
NSA releases Best Practices for Securing Your Home Network. National Security Agency/Central Security Service. (2023, February 22). https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3304674/nsa-releases-best-practices-for-securing-your-home-network/
Home Network Security: CISA. Cybersecurity and Infrastructure Security Agency CISA. (2024, March 13). https://www.cisa.gov/news-events/news/home-network-security
O’Donnell, A. L., & O’Donnell, L. (n.d.). Work from home opens new remote insider threats. Threatpost English Global threatpostcom. https://threatpost.com/work-from-home-opens-new-remote-insider-threats/156841
Why remote work increases the risk of insider threats. Cyolo. (n.d.). https://cyolo.io/blog/why-remote-work-increases-the-risk-of-insider-threats/
NetDocuments. (n.d.). More than half of data breaches at UK legal firms were caused by insiders. https://www.netdocuments.com/press-releases/more-than-half-of-data-breaches-at-uk-legal-firms-were-caused-by-insiders
IBM. (2024). (rep.). X-Force Threat Intelligence Index 2024. Retrieved March 16, 2024, from https://www.ibm.com/reports/threat-intelligence.
Sharon D. Nelson, J. W. S. (2023, August 1). Law firm data breaches surge in 2023. Above the Law. https://abovethelaw.com/2023/08/law-firm-data-breaches-surge-in-2023/
Skolnik, S., Witley, S., & Cohen, O. (2023, July 7). Law firm cyberattacks grow, putting operations in legal peril. Bloomberg Law. https://news.bloomberglaw.com/business-and-practice/law-firm-cyberattacks-grow-putting-operations-in-legal-peril
