Rise in cyber risk leads to jobs boost
The growing influence of the internet in law has opened up a wealth of opportunities for cyber law specialists, according to cyber law expert Bradley Deacon.
Mr Deacon previously worked as a federal agent in the Australian Federal Police Computer Crime Unit Sydney.
He has experienced the rise of cyber crime first-hand and was a member of the team that imposed the first jail sentence on a computer hacker in 1995.
“The internet touches almost every area of the law,” Mr Deacon told Lawyers Weekly. “A host of opportunities for lawyers are opening up in the area of cyber law.”
While some view cyber law as a sub-specialty of intellectual property, it is becoming a much broader field, Mr Deacon explained.
Cyber law encompasses e-commerce, criminal cases such as child pornography and cyber bullying, hacking and doxing (publishing private information online).
It also deals with illegal online activity conducted through anonymous channels known collectively as the ‘darknet’.
“The internet as most users conceive it is only a fraction of the entire web,” said Mr Deacon.
The darknet, which can be accessed using encryption mechanisms like ToR, comprises around 200,000 to 400,000 sites, according to Mr Deacon.
“The darknet provides a marketplace for a wide variety of illegal substances, services, and communications,” said Mr Deacon.
Cyber spies and hackers targeting firms
Law firms, like all large businesses, are increasingly vulnerable to cyber attacks, said Mr Deacon.
Cyber criminals are finding ways to circumvent corporate system protections by gathering intelligence through social media before launching an attack, he continued.
Some perpetrators use a technique called 'phishing', whereby staff are lured into clicking innocent-looking links.
To make the link more convincing, cyber criminals include personal information about social media ‘friends’ or mention a work colleague by name, said Mr Deacon.
“And then the unsuspecting staff member opens the link which may be Ransomware or Malware,” he said.
“Law firms of all sizes are vulnerable,” continued Mr Deacon.
At least 80 of the 100 biggest firms in the US by revenue were hacked between 2011 and 2012, according to cyber security firm Mandiant.
“Since at least 2009, the FBI, the US Secret Service, and other law enforcement agencies have warned the managing partners of big US firms that their computer files are targets for cyberspies and thieves in China, Russia, and other countries, including the US,” said Mr Deacon.
These hackers are looking for valuable information about potential corporate mergers, patent and trade secrets and litigation plans, he added.
Mr Deacon said law firms are not yet responding to the threat of cyber crime through such measures as in IT security education, hardware encryption modules, next-generation firewalls and cyber incident response plans.
“I do not believe law firms have enough processes in place in general,” he said. “Hackers target corporations [and] go to great lengths to compromise large and small companies.”
Law firms also need to manage the risks associated with third-party outsourcing, he continued.
“They need stringent IT audit systems and the finest IT security team in place to keep a check on third-party service providers,” he said.
“[Law firms also need] watertight MOUs and service agreements in place to ensure the third-party provider allows access by the firms IT security team.”
Mr Deacon will be delivering a webinar for CPD for Me next Monday on the topics of Cyber Threat In The Digital Age and Demystifying Cyber Security The Darknet (Deep Web).