Change the business, secure the business

14th Securing The Law Firm
Online, 28th January 2021

 

Securing next-gen legal technology:
How can law firms keep up with constant attacks, deal with privacy issues, AND develop and secure their VLAs, lawbots and RPA?

When law firms make the cybersecurity headlines it’s generally a high-profile third-party issue, like the 193 firms recently impacted by the Laserform Hub breach, or ‘glamorous’ attacks like the ransomware attack on Grubman Shire Meiselas & Sacks, who represent Lady Gaga, Bruce Springsteen and President Trump, among others, and from whom hackers demanded $42 million in exchange for 756GB of stolen data.

But the truth is usually more mundane. Law firms are high-value targets in their own right and as third parties to the world’s largest and richest organisations. A recent report on the sector concluded that they faced ‘millions of threats’ in a constant bombardment of persistent and sophisticated attacks. The Dark Web is replete with pleas for access to law firms and with offers of information allegedly stolen from them.

So law firms, like other targets, need to ensure they have robust defences against ransomware, BEC and other spearphishing campaigns, DDoS attacks and the other threat types that pose the greatest risks to all high-value targets. Worryingly, according to a comprehensive recent survey of the sector, many firms still do not have sufficient protection against email spoofing; many are running services with well-known vulnerabilities and using web software which is out of date and no longer supported by its developer; many have one or more expired certificates and are running various domain registration risks.

Law firms too, like most other organisations, are being forced into accelerated Cloud deployments, creating issues in everything from AWS to which Microsoft 365 licence to buy and whether to go for a one-stop shop or to layer specific security tools onto the general features of the monopoly platforms.

And the increased pace of transition means increased risk of exposure. Cloud assets were involved in 24% of breaches this year, with applications a key issue. 40+% of those breaches came from web apps, rapidly overtaking desktop as the top source of breach.

More surprisingly, according to a freedom of information request made to the Information Commissioner’s Office (ICO), nearly half (48%) of the top 150 law firms have reported data breaches since the GDPR came into force in May 2018. And, of those breaches, 41% were a result of emailing the wrong person.

This kind of human error is one problem CISOs may not be responsible for, but GDPR is causing law firms many headaches because their business revolves around sharing sensitive data. Leading law firms are asking the Information Commissioner to provide specific guidance to law firms on how they can lawfully share personal data. It’s a serious problem.

Securing the Law Firm 2021 will take place online and will look at how cybersecurity teams, risk management functions and boards are tackling the key issues. As digitalisation goes critical, is this finally the moment at which traditional cybersecurity management has to change?

  • Cybersecurity for business resilience

    • Forced, rapid digitalisation has revealed the fragmented nature of many security programmes
    • Protecting the business while enabling innovation and flexibility requires new models and approaches for cyber
    • Are automation and orchestration the answer?
  • Sorting out GDPR compliance

    • Data privacy is still a minefield - enough so that law firms, whose job it often is to advise on the subject, have asked for more advice from the ICO.
    • The interpretation of specific articles, such as Article 14, is causing issues in areas as diverse as insurance, M&A and more.
    • Can security and privacy professionals ever be really confident that what they're doing is fully GDPR-aligned?
  • Strengthening identity and access management

    • IDAM is still the Achilles heel of many organisations
    • Remote working has thrown a spotlight on IDAM policies and the technologies that can help overstretched cybersecurity professionals tighten up
    • What have we learned from the past few months? Have any solutions or strategies proved their superiority?
  • Building in security: easier said than done?

    • As businesses ramp up their digital business models, it's critical that they build security in from the beginning
    • But given the speed at which businesses are having to transform, that's a big ask. Even pre-coronavirus, security teams often found it hard to gain leverage over the business
    • How can cybersecurity teams ensure digital transformation and innovation are done securely?
    • Is this a CIO vs CISO battle?
  • Improving visibility

    • Understanding your extended attack surface is crucial, but it's also more difficult than ever
    • According to Verizon's DBIR, half of all companies are present on 7 or more networks and struggle to achieve visibility into their entire asset footprint
    • The shift to Cloud-based storage and services, and remote employees working on their own networks and devices, make full visibility even harder to achieve - what can CISOs do?
  • What to do about ransomware?

    • Ransomware has come a long way from 'spray and pray' phishing emails and website popups
    • What are the focused, sophisticated methods organised criminals are now using to get a better ROI for their efforts?
    • How should CISOs respond? Is the answer better security - or just better backup and recovery solutions?
  • Securing the workplace revolution

    • Lockdowns and the extremes of WFH will end, but the cost, productivity, work-life balance and carbon benefits of remote working mean it's here to stay.
    • As flexible working becomes the norm, new hardware, software and processes will need to be implemented across all areas of the business.
    • Many initial measures put in place were intended as a short-term stopgap. What new long-term security measures are required by a permanent change to working patterns?
  • Application security

    • According to SAP, 84% of cyber attacks happen on the application layer
    • Is it time for CISOs to switch focus from guarding the network perimeter to ensuring the applications you use are built securely?
    • What about apps developed and maintained by third parties, and running in the Cloud?

Who attends

Job titles

Chief Information Officer
Global I.T. Risk Manager
Senior Risk & Security Manager
Senior Cyber Security Manager
CISO
CIO & IT Director
VP Cyber Defense Response
Head of Digital Risk Management and Compliance
Partner - Head of Data Protection
CISO
Senior Information Security Executive
IT Infrastructure and Operations Manager
Head of IT (UKMEA)
I.T. Manager
Legal Technology Co-ordinator
In-house Privacy and Data Protection Lawyer
Senior Manager IT Security
Senior Auditor
In-House Counsel
Manager IT Security and Compliance
Head of Cyber, Partner
Enterprise Architect
Head of Information Security
International Head of Operational Risk
Information Security & Business Continuity Manager
Head of IT Security
IT Director - EMEA
Director of Information Systems
IT Enterprise Architecture Manager
Head of IT Europe & ME
Technical Solutions Architect
I.T. Director EMEA
Cyber Security Manager
Senior Security Risk Analyst
IT Security and Governance Manager
Head of IT, UK, EMEA & Asia
Information Security & Compliance Officer
Head of Information Security
Director of I.T. & Knowledge Management
Information Governance, Senior Manager
IT Director
Global IT Operations & Security Manager
Chief Information Security Officer (CISO)
Deputy CIO / CISO
Global Business and Information Risk Manager - Legal
Global Head of I.T. Controls
Head of Commercial & I.T. Risk
Head of IT Security & BCM Leader
Global Director of I.T. Risk & Information Security
Global Data Privacy Officer
Information Security & Risk Manager EMEA
Head of IS & DP
Risk And Compliance Manager
Security & Data Manager
Manager of Technology
Compliance Manager & Data Protection Officer
Head of Information Systems and Technology
I.T. Security Manager
Senior Information Security Engineer
Director of Technology Compliance
Senior Risk Advisor - Privacy & Data Protection
Senior Information Security Manager
Chief Operating Officer
Lead Information Security Officer
Partner & Director of Risk Management
In-House Counsel
Chief Information Security Officer
Head of IT
Director of Global Infrastructure
Global Information Security Risk Manager
Head of Global Information Security
Global I.T. Security Manager
Head of Risk - Associate Director
Head of I.T. Operations & Security
Information Security / Risk Manager
Director of I.T. Security
Senior Manager, IT Security, UK, EMEA & Asia
Senior Legal Counsel
Director, Global Enterprise Security Architect
IT Solution Delivery Manager
IT Operations & Security Manager
Head of Compliance & Risk Management
Head of IT and Projects
Global I.T. Director
In-House Lawyer
Regional Information Security Manager - EMEA & ASIA
CIO
Global Director of Information Technology
Head of Supply Chain Information Risk
Senior IT Security and Compliance Analyst
I.T. Security & Networks Team Leader
Risk & Compliance Partner
Regional IT Manager (Europe)
Data Privacy Manager
Senior Enterprise Architect
Group Head of Content Protection, Cyber Security & Investigations
Risk & Business Continuity Manager
Operations and IT Director
Data Protection/Privacy Manager
Information Security Compliance Manager
CISO
Global Information Security Manager
Head of IT Operations
Senior Information Security Officer
Global Director of IT Risk & Security
CISO
Risk & Compliance Executive
Head of Network & Infrastructure
Infrastructure & Network Security Specialist
IT Risk & Compliance Analyst
National Head of Counter Fraud
Global Security Manager
Group Head of Information Risk and Security
Senior Manager of Cyber Security
Group Security Lead
IT Director
Head of I.T. Security
Vice President, Information Security
Director of Technology - Europe
Head of Technology, Cyber & Data
GDPR Manager
Global CISO
Head of Compliance
Chief Information Security & Technology Officer
CTO
EMEA CIO
CISO, Head of Cyber Security and Data Protection Officer
Information Security Manager
General Counsel
Global Business Information Risk Officer (BIRO) - Group Legal
Risk and Compliance Analyst
Partner
Head of Systems and Infrastructure
Director of Compliance and Data Protection - Europe
Head of Data Protection & Cyber Security Group
Director of Technology & Information
Global Business Continuity Manager
Corporate Security Awareness Transformation Manager
European I.T. Manager
Director of IT
Head of I.T.
Chief Technology Officer
Head of IT
Global Security Engineer
Head of Information Security
Global Infrastructure & Security Manager
Head of Cyber Security
I.T. Infrastructure Manager
European Privacy Counsel
IT Security Operations Manager

Companies

23 Essex Street
11 South Square
Boodle Hatfield
Slaughter and May
Serle Court
Boyes Turner
Howard Kennedy
Mills & Reeve
Phillips Solicitors
Covington & Burling
Lester Aldridge
Anthony Gold
Weightmans
Stewarts Law
Kemp Little
FBI
5 Paper Buildings
Ropes & Gray
Watson Farley & Williams
Withers
Bristows
Taylor Vinters
Sacker & Partners
Osborne Clarke
Carter Perry Bailey
Dehns
Payne Hicks Beach
Kennedys
Seddons
Latham & Watkins
Kerman and Co
King & Wood Mallesons
Lee Bolton Monier-Williams
Stephenson Harwood
Charles Russell Speechlys
Russell-Cooke
HM Prison Service
Gannons Solicitors
Reddie & Grose
4 New Square
Wedlake Bell
DAC Beachcroft
Fladgate
Edwards Wildman Palmer
Travers Smith
The Bar Council
Lewis Silkin
Kingsley Napley
Mayer Brown
Linklaters
Wellers Law Group
Michelmores
Keystone Law
Horwich Farrelly
Trowers & Hamlins
Dentons
Howes Percival
Ashfords
Dawson Cornwell
GE Capital
Browne Jacobson
Taylor Walton Solicitors
iLaw
Bentleys Stokes & Lowless
3 Verulam Buildings
Keoghs
Foot Anstey
Womble Bond Dickinson
Squire Patton Boggs
Joseph Hage Aaronson
Clarke Willmott
Cripps
Baker McKenzie
TLT
Holman Fenwick Willan
Arnold & Porter Kaye Scholer
Blake Morgan
Thrings
DLA Piper
Mathys & Squire
Carter Bells
Uría Menéndez
Hogan Lovells International
Laura Devine Solicitors
Arendt & Medernach
Vodafone
Magrath
DMH Stallard
Taylor Wessing
Simons Muirhead & Burton
Freeths
Orrick Herrington & Sutcliffe
ticketmaster
Hiscox
Burness Paull
DWF
Clifford Chance
Mishcon De Reya
Asda
Forsters
Bindmans
Pinsent Masons
Ince & Co
Gateley Plc
Glovers
Doyle Clayton
Simmons & Simmons
Bryan Cave Leighton Paisner
Herbert Smith Freehills
Ward Hadaway
Penningtons Manches
Reed Smith
Laytons Solicitors
HSBC
Milbank
Macfarlanes
Eversheds Sutherland
Mewburn Ellis
Memery Crystal
Beale & Company Solicitors
Kilburn & Strode
McGuireWoods
Clyde & Co
Ashurst
Colman Coyle
Allen & Overy
Cloth Fair Chambers
Hengeler Mueller
Fieldfisher
Irwin Mitchell
Bevan Brittan
Bird & Bird
Fountain Court Chambers
Shoosmiths
Crown Prosecution Service
Wiggin
Boult Wade Tennant
Littleton Chambers
Carpmaels & Ransford
Freshfields Bruckhaus Deringer
Addleshaw Goddard
Norton Rose Fulbright
Brodies
Sidley Austin
Cushman & Wakefield
Fragomen
Gilchrist Solicitors
Farrer & Co
Edwin Coe
Simkins

Industries

Barristers Chambers
Legal
Banking
Insurance
Automobiles/Parts
Oil/Gas