DS News - U.S. Bank

DSNews August 2019

Issue link: http://dsnews.uberflip.com/i/1149365


2. Social Engineering: Perhaps one of the more common crimes in the legal sector involves a hacker taking the identity of someone within a firm in order to force an action. For example, a hacker will infiltrate the email box of Law Firm A's Managing Partner. The hacker then composes and sends an email to Law Firm A's accounting department requesting a wire transfer of $100,000. Believing that the request is legitimate, the accounting manager sends the requested funds. Although the transmitted funds are often unrecoverable, most cyber-insurance policies have a specific sub-limit for social engineering.

3. Spear Phishing: Spear Phishing begins when an unsuspecting person receives an email from what they believe to be a legitimate source. Usually, this email will contain a hyperlink, and once the recipient clicks on that link, a hacker immediately gains access to professional and personal information. The hacker can now view anything that the employee has access to on the firm's servers. In the default space, such an action could potentially expose thousands of records of confidential borrower information, including social security numbers.

4. Rogue Employee: According to Travelers, inside threats account for 15% of all data breaches. This type of threat is especially concerning due to the level of access some employees have to confidential or sensitive information. Not only can rogue employees access information, but they can also install malware or other malicious programs if they are technologically competent.

5. Ransomware: Citing the Verizon Data Breach Incident Report, Travelers acknowledges that Ransomware is the fifth most common form of malware. Ransomware occurs when an individual penetrates a firm's network and essentially holds their private information "ransom" until some form of monetary compensation is received. Upon receipt of payment, the individual hopefully then releases the information back to the firm.
The most recent and crippling example of this came in 2017 with a Ransomware attack on DLA Piper. The attack resulted in the complete shutdown of the firm's entire U.S. IT operations for several days.

NUMBERS DON'T LIE

In her 2018 Gallup article "Cybercrimes Remain Most Worrisome to Americans," Megan Brenan found that Americans are more concerned about cybercrimes than violent crimes. Perhaps just as alarming, 71% of those polled indicated that they frequently fear a computer hacker will access their personal financial information. Brenan further noted, "The frequency with which Americans worry about becoming victim to a variety of different crimes is similar to last year, as they remain much more likely to fear being victimized by cybercrimes than traditional crimes."

The impending fear of victimization has continued to grow over the years, in part due to Americans' increased reliance on digital information. Millions of Americans have been affected by a data breach in one form or another, whether due to an isolated incident such as identity theft or by way of a larger data breach. Continued dependency on digital platforms has increased potential exposure, whether in the form of online banking or through social media.

According to the American Bar Association (ABA), 25% of all law firms in the United States have experienced at least one data breach. While firms certainly maintain a looming fear of an imminent breach, a core driver for such fears pertains to the hard and soft costs relating to an actual cyber loss. The ABA estimates that, of the firms infiltrated by a cyber threat, "notification is typically the largest single direct cost, with an estimated cost of $200,000. This includes requisite activities such as creating contact databases, retaining outside experts, postal expenditures, and determining regulatory requirements." In terms of a direct loss, the same article references a 2016 report by insurer QBE.
A study by the insurer confirms that more than $120 million was stolen across the legal profession within an 18-month period as the result of data breaches. If that number was not staggering in and of itself, there are also the resulting soft costs of cyber loss, including employee and network downtime, loss of billable hours, unrecoverable data, and reputational damage. In addition, law firms could be susceptible to lawsuits from their clients.

MITIGATING THE THREAT

The ABA has produced a treasure trove of valuable information to help firms not
