With the signing of an executive order on February 13, 2015, President Barack Obama encouraged companies within various industry sectors to better combat online security breaches through the formation of organizations dedicated to the sharing of information related to threats. Although some industries — including the financial sector, through its Financial Services Information Sharing and Analysis Center — already have these types of organizations in place, many others do not.
The legal industry is one such sector. However, for some time now, there has been discussion of forming an alliance between banks and law firms through the development of a legal industry counterpart to the FS-ISAC, that would allow the two industries to anonymously share information related to security threats and breaches. Given the close working relationship between the banking and legal sectors and the growing threat of cyber-attacks, enthusiasm for such a partnership is growing.
Identifying and responding to threats
Much of the concern stems from the fact that hackers have begun targeting larger law firms as sources of information related to major corporate clients, and that have company secrets, business strategies and intellectual property that represent attractive and valuable pieces of information. However, many such attacks are not reported because private firms simply are not required to do so.
However, the urgency of combating cyber-attacks has grown as their frequency has increased. Furthermore, cyber-attacks on law firms and financial organizations have implications outside of those industries. Some recent attacks appear to be the work of hackers associated with the Chinese government. The potential that patents, trade secrets and even information related to military weapons systems may fall into the hands of these hackers hastens the resolve of legal and financial industry professionals to develop better and more collaborative approaches to dealing with cyber-security matters.
Last summer’s security breach at JPMorgan, which made 83 million customers’ email addresses, mailing addresses and phone numbers available to hackers, also increased the urgency for the inter-industry partnership. Particularly when cyber-attacks make the news, as they did in the JPMorgan case and in recent data breaches at retail outlets like Target and Home Depot, it raises the specter of declining consumer confidence.
Also driving the legal industry’s interest in anonymously sharing information related to cyber-threats is growing interest on the part of banks in requiring better online security assurances from any law firms they might wish to retain. Some banks have gone as far as to require that any legal firm engaging in business with them should do no bank-related business on computers accessible through a public network.
What becomes of the legal and financial industries’ potential partnership in combating cyber-attacks remains to be seen. That both sides appear to be taking the situation seriously, however, is good news for both industries, as well as for their clients.
BoltNagi is an established and respected corporate law firm serving businesses and organizations throughout the U.S. Virgin Islands.