Securing the digital client journey

SECURING THE LAW FIRM

5th July 2023 • London, UK

Solving cybersecurity’s people problem

From insider error to CISO burnout, most cybersecurity issues are human - not machine. It’s time to prioritize people over process and technology.

A well-known piece of UK ICO research highlights the most common causes of data breaches in the legal sector:

• 52% occurred from sharing data with the wrong person (via email, post, or verbally)
• 25% occurred from phishing attacks
• 10% occurred from losing data (loss/theft of a device containing personal data, or of paperwork or data left in an insecure location)
• 54% occurred from verbal disclosure; failure to redact or use Bcc; alteration of data; hardware misconfiguration; documents emailed or posted to the wrong recipient

These human errors by non-technical employees are compounded by three other human factors. First, technical staff are human and make errors themselves. Second, malicious staff create deliberate insider risk. Third, CISOs and other cybersecurity staff are burning out and/or changing careers at an alarming rate, at the same time as the sector’s extreme talent shortage makes filling key security positions almost impossible.

One of Gartner’s key strategic assumptions is that by 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors.

None of this is remotely surprising. However, much of the cybersecurity conversation still revolves around complex threats and vulnerabilities, while most of the real risk of data breaches remains with very simple human errors.

 

The same is true of the other most common and damaging kinds of cyber attack. From BEC attacks to ransomware, the problem is fat fingers, carelessness or a genuine inability to tell fake from real.

The cybersecurity debate defaults to technology because that is the easiest part to address; the many human-related issues are either swept into the ‘awareness and training’ bucket or they are tacitly written off as impossible to solve.

So is there a better way to think about cybersecurity, starting with the practical business and human realities? This edition of Securing the Law Firm will try.

Securing the Law Firm will look at the latest thinking around legal cybersecurity. As well as presentations from some of the world’s largest firms, we will also be asking how small and medium-sized organisations can keep up with cybersecurity best practice in the sector.

  • From awareness to behaviour

    • There’s too much talk of awareness in cybersecurity and not enough talk about actually changing behaviour.
    • There’s too little talk of personal accountability and disciplinary enforcement of security policies.
    • These are controversial statements - but should they be?
    • Isn’t part of the paradigm shift we need a fundamental change in employee responsibility?
  • Re-thinking email and messaging: is there a better way?

    • From secure web gateways to clever tools designed to let employees flag suspicious emails, technologists have tried to solve the problem of email and message-delivered malware. And they’ve failed.
    • This is still the number one vector for the cyber attacks that cause real damage.
    • Is there another way?
  • Fixing Cloud configuration

    • Cloud security is a multi-dimensional problem.
    • But underneath all the technology and complexity, once again it is human error that is likely to cause the most material losses.
    • For large firms with complex hybrid and multicloud environments, this problem is compounded.
    • So, what are the most common errors and how can they be avoided?
  • Solutions for CISO burnout

    • The number of security professionals on LinkedIn who’ve left without another job to go to is astonishing given the shortage of cyber-talent.
    • Are CISOs being fired for breaches?
    • Are they quitting companies who’ve lied about their commitment to security?
    • How can firms solve this problem?
  • Re-engineering the SOC: the problem of alert overload

    • One specific example of staff overload is the SOC.
    • There are debates over the value of network traffic analysis and other data.
    • Meanwhile SOC teams are flooded with false positives and even ‘smart’ solutions do not alter this calculus very much.
    • Is the answer to outsource or evolve?
  • Streamlining tools and information: focus on insight

    • To solve their problems cybersecurity teams are told to add ever more tools to their stacks, and ingest ever more internal and external data.
    • And then they are told to somehow aggregate all of that complexity to detect cyberattacks, determine risk metrics and all the rest of it.
    • So how to change the paradigm?

Who attends

Job titles

Chief Information Officer
Global I.T. Risk Manager
Senior Risk & Security Manager
Senior Cyber Security Manager
CISO
CIO & IT Director
VP Cyber Defense Response
Head of Digital Risk Management and Compliance
Partner - Head of Data Protection
CISO
Senior Information Security Executive
IT Infrastructure and Operations Manager
Head of IT (UKMEA)
I.T. Manager
Legal Technology Co-ordinator
In-house Privacy and Data Protection Lawyer
Senior Manager IT Security
Senior Auditor
In-House Counsel
Manager IT Security and Compliance
Head of Cyber, Partner
Enterprise Architect
Head of Information Security
International Head of Operational Risk
Information Security & Business Continuity Manager
Head of IT Security
IT Director - EMEA
Director of Information Systems
IT Enterprise Architecture Manager
Head of IT Europe & ME
Technical Solutions Architect
I.T. Director EMEA
Cyber Security Manager
Senior Security Risk Analyst
IT Security and Governance Manager
Head of IT, UK, EMEA & Asia
Information Security & Compliance Officer
Head of Information Security
Director of I.T. & Knowledge Management
Information Governance, Senior Manager
IT Director
Global IT Operations & Security Manager
Chief Information Security Officer (CISO)
Deputy CIO / CISO
Global Business and Information Risk Manager - Legal
Global Head of I.T. Controls
Head of Commercial & I.T. Risk
Head of IT Security & BCM Leader
Global Director of I.T. Risk & Information Security
Global Data Privacy Officer
Information Security & Risk Manager EMEA
Head of IS & DP
Risk And Compliance Manager
Security & Data Manager
Manager of Technology
Compliance Manager & Data Protection Officer
Head of Information Systems and Technology
I.T. Security Manager
Senior Information Security Engineer
Director of Technology Compliance
Senior Risk Advisor - Privacy & Data Protection
Senior Information Security Manager
Chief Operating Officer
Lead Information Security Officer
Partner & Director of Risk Management
In-House Counsel
Chief Information Security Officer
Head of IT
Director of Global Infrastructure
Global Information Security Risk Manager
Head of Global Information Security
Global I.T. Security Manager
Head of Risk - Associate Director
Head of I.T. Operations & Security
Information Security / Risk Manager
Director of I.T. Security
Senior Manager, IT Security, UK, EMEA & Asia
Senior Legal Counsel
Director, Global Enterprise Security Architect
IT Solution Delivery Manager
IT Operations & Security Manager
Head of Compliance & Risk Management
Head of IT and Projects
Global I.T. Director
In-House Lawyer
Regional Information Security Manager - EMEA & ASIA
CIO
Global Director of Information Technology
Head of Supply Chain Information Risk
Senior IT Security and Compliance Analyst
I.T. Security & Networks Team Leader
Risk & Compliance Partner
Regional IT Manager (Europe)
Data Privacy Manager
Senior Enterprise Architect
Group Head of Content Protection, Cyber Security & Investigations
Risk & Business Continuity Manager
Operations and IT Director
Data Protection/Privacy Manager
Information Security Compliance Manager
CISO
Global Information Security Manager
Head of IT Operations
Senior Information Security Officer
Global Director of IT Risk & Security
CISO
Risk & Compliance Executive
Head of Network & Infrastructure
Infrastructure & Network Security Specialist
IT Risk & Compliance Analyst
National Head of Counter Fraud
Global Security Manager
Group Head of Information Risk and Security
Senior Manager of Cyber Security
Group Security Lead
IT Director
Head of I.T. Security
Vice President, Information Security
Director of Technology - Europe
Head of Technology, Cyber & Data
GDPR Manager
Global CISO
Head of Compliance
Chief Information Security & Technology Officer
CTO
EMEA CIO
CISO, Head of Cyber Security and Data Protection Officer
Information Security Manager
General Counsel
Global Business Information Risk Officer (BIRO) - Group Legal
Risk and Compliance Analyst
Partner
Head of Systems and Infrastructure
Director of Compliance and Data Protection - Europe
Head of Data Protection & Cyber Security Group
Director of Technology & Information
Global Business Continuity Manager
Corporate Security Awareness Transformation Manager
European I.T. Manager
Director of IT
Head of I.T.
Chief Technology Officer
Head of IT
Global Security Engineer
Head of Information Security
Global Infrastructure & Security Manager
Head of Cyber Security
I.T. Infrastructure Manager
European Privacy Counsel
IT Security Operations Manager

Organisations

23 Essex Street
11 South Square
Boodle Hatfield
Slaughter and May
Serle Court
Boyes Turner
Howard Kennedy
Mills & Reeve
Phillips Solicitors
Covington & Burling
Lester Aldridge
Anthony Gold
Weightmans
Stewarts Law
Kemp Little
FBI
5 Paper Buildings
Ropes & Gray
Watson Farley & Williams
Withers
Bristows
Taylor Vinters
Sacker & Partners
Osborne Clarke
Carter Perry Bailey
Dehns
Payne Hicks Beach
Kennedys
Seddons
Latham & Watkins
Kerman and Co
King & Wood Mallesons
Lee Bolton Monier-Williams
Stephenson Harwood
Charles Russell Speechlys
Russell-Cooke
HM Prison Service
Gannons Solicitors
Reddie & Grose
4 New Square
Wedlake Bell
DAC Beachcroft
Fladgate
Edwards Wildman Palmer
Travers Smith
The Bar Council
Lewis Silkin
Kingsley Napley
Mayer Brown
Linklaters
Wellers Law Group
Michelmores
Keystone Law
Horwich Farrelly
Trowers & Hamlins
Dentons
Howes Percival
Ashfords
Dawson Cornwell
GE Capital
Browne Jacobson
Taylor Walton Solicitors
iLaw
Bentleys Stokes & Lowless
3 Verulam Buildings
Keoghs
Foot Anstey
Womble Bond Dickinson
Squire Patton Boggs
Joseph Hage Aaronson
Clarke Willmott
Cripps
Baker McKenzie
TLT
Holman Fenwick Willan
Arnold & Porter Kaye Scholer
Blake Morgan
Thrings
DLA Piper
Mathys & Squire
Carter Bells
Uría Menéndez
Hogan Lovells International
Laura Devine Solicitors
Arendt & Medernach
Vodafone
Magrath
DMH Stallard
Taylor Wessing
Simons Muirhead & Burton
Freeths
Orrick Herrington & Sutcliffe
Ticketmaster
Hiscox
Burness Paull
DWF
Clifford Chance
Mishcon De Reya
Asda
Forsters
Bindmans
Pinsent Masons
Ince & Co
Gateley Plc
Glovers
Doyle Clayton
Simmons & Simmons
Bryan Cave Leighton Paisner
Herbert Smith Freehills
Ward Hadaway
Penningtons Manches
Reed Smith
Laytons Solicitors
HSBC
Milbank
Macfarlanes
Eversheds Sutherland
Mewburn Ellis
Memery Crystal
Beale & Company Solicitors
Kilburn & Strode
McGuireWoods
Clyde & Co
Ashurst
Colman Coyle
Allen & Overy
Cloth Fair Chambers
Hengeler Mueller
Fieldfisher
Irwin Mitchell
Bevan Brittan
Bird & Bird
Fountain Court Chambers
Shoosmiths
Crown Prosecution Service
Wiggin
Boult Wade Tennant
Littleton Chambers
Carpmaels & Ransford
Freshfields Bruckhaus Deringer
Addleshaw Goddard
Norton Rose Fulbright
Brodies
Sidley Austin
Cushman & Wakefield
Fragomen
Gilchrist Solicitors
Farrer & Co
Edwin Coe
Simkins

Industries

Barristers Chambers
Legal
Banking
Insurance
Automobiles/Parts
Oil/Gas