Cyber-attacks industry-specific, not geolocation
Despite some dubbing Australia as falling behind when it comes to protection against cyber-criminals, experts in the space say they should be more concerned about the industry they operate in, rather than where the business is situated.
Relativity’s Amanda Fennell spoke to Lawyers Weekly at Relativity Fest, held in Chicago, Illinois.
In her role as chief security officer and involvement in Relativity’s security group, Calder7, Ms Fennell regularly comes across cyber threats and has to act accordingly.
One of the trends she’s seen play out has been the emergence of cyber-attacks. However, unlike some market commenters, Ms Fennell says these attacks have more to do with the type of industry being targeted, as opposed to the geolocation of any one business.
“I don't necessarily feel that the US organisations are in any way better or worse [prepared when it comes to cyber-attacks]. I actually think it’s really commensurate,” Ms Fennell said.
“We work globally with a lot of different companies and we see a lot of different things. What I see is an attack is still based on industry and not based on the geolocation. I feel like they’re still attacking, especially in this particular industry, they’re still going after the fact that you are global. Everyone’s global. So you are at some point remote and you have to use tools to be remote. Those are the places and supply chain attacks that are going to make you weak.
“You’re just as weak in Australia if you’re using an application with a critical vulnerability in it, like if you need to use Skype, or Zoom, or Citrix, or LogMeIn, or remote viewer teams. There’s any number of things you’re going to use.
“Adversaries know you’ve got to use something in this world nowadays because you are global and you’re just as exposed in Australia as you are in the United States with us.”
A big part of being properly protected is to retain employees that have knowledge in cyber security and the threats that come with it, according to Ms Fennell.
“You have a lot of people who are starting to focus in that specific in this industry. They know there is something financial to gain from the data. They’ve started to put that together. There’s intellectual property, there’s mergers and acquisitions, there’s any number of things that have started to be in the news about any government,” she explained.
“They’re starting to realise there is data to be had. Where do I get that access to that data? What is my weak link? Well, people love to say it’s the people. I don’t think it’s the people. I think that people are going to be your greatest strength, actually, because you can put plenty of tools in place to protect you but if after all of the tools fail the last line of defence you’re going to have is a person.
“Because of that, I think that this industry is going to learn more and more over the next few years to really level up and be strong, and realise that your security practices in the law firms are the last line of defence.”