find the latest legal job
Corporate/Commercial Lawyers (2-5 years PAE)
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Specialist commercial law firm · Long-term career progression
View details
Graduate Lawyer / Up to 1.5 yr PAE Lawyer
Category: Personal Injury Law | Location: Brisbane CBD & Inner Suburbs Brisbane QLD
· Mentoring Opportunity in Regional QLD · Personal Injury Law
View details
Corporate and Commercial Partner
Category: Corporate and Commercial Law | Location: Adelaide SA 5000
· Full time · Join a leading Adelaide commercial law firm
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Sydney NSW
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
In-house Legal Counsel & Commercial Lawyers
Category: Corporate and Commercial Law | Location: All Melbourne VIC
· Providing lawyers with flexibility and control over when they work, how they work and who they work for.
View details
Legal profession lagging behind on cyber security front

Legal profession lagging behind on cyber security front

Dave Coughanour

The legal profession as a whole is still playing catch up with other industries when it comes to cyber security, according to an expert from an international law firm.

Speaking to Lawyers Weekly on his recent trip to Australia, K&L Gates director of security and information management, Dave Coughanour (pictured), identified key trends in relation to the legal profession and cyber security.

Throughout his career, Mr Coughanour has worked at a large Pittsburgh-headquartered financial institution, where he ran the full suite of their cyber operations programs. He began his role at K&L Gates after being given an opportunity from the firm’s CIO at the time to take over all of both the physical and information security operations for the firm globally.

This, coupled with his work at the financial institution, gave him a key insight into the risk that cyber threats play on organisations of all sizes and areas of expertise.

“Within the legal sector, the absolute biggest trend is – this isn't meant to sound too negative – but it’s basically playing catch up with other industries,” Mr Coughanour said.

“There hasn't been a lot of cyber security pressure or regulation in the legal space that I can tell from the last five to 10 years. What we're seeing now is almost, for lack of a better term, trickled down regulation within the large law firms where let’s say you have a large number of financial clients, the financial clients are now required to have security measures by their auditors and regulators. They're required to comply with some fairly stringent security practices and policies. They're also required to assess their third-party suppliers and vendors.

“It was pretty interesting when I came over from a bank to work at a law firm. The actual regulations just seemed to immediately follow me because the banks were taking what they were required to do, and basically modifying it slightly and passing it directly onto their outside counsel. So the client demands are really incentivising the firms to really up their security game, and in the long run, I believe that will be healthy for everyone.”

On a global scale, Mr Coughanour noted that because law firms have had to play catch up with other industries, they are often privy to cyber crime, more so than other client-facing services.

“We're seeing many other sectors becoming just much faster fish. It’s harder to hack into a bank, it’s harder to hack into a defence-contractor or critical infrastructure company, so hackers are shifting their focus to what they perceive to be the weaker link in the chain, which is why law firms need to ensure their cyber security systems are keeping up with other industries,” he said.

“The trend, which really started in March of last year and has been happening off and on since, has been the targeting of merger and acquisition data held at law firms. That's information that is very easy to monetise, it can be quite lucrative, and I see that trend continuing for firms that are heavily known for M&A work.”

Other practice areas at risk are any that involve intellectual property, Mr Coughanour said.

“Anyone who has information that could be worth millions or tens of millions of dollars,” he said.

Futhermore, Mr Coughanour said that as the criminal market continues to climb, there will be new challenges law firms need to be wary of.

“Broadly speaking, most of the cyber security issues we've seen since at least 2012 have been online crime, basically defrauding people of their money. The actual techniques that are used haven't really changed significantly in at least the last five years. I'd go as far to say that they've been the same for the last decade,” he said.

“While the countermeasures are starting to catch up, and it’s getting harder and harder to run those older scams, there will be a shift to new methods to separate people from their money.

“One of the interesting things that I've been noticing is they almost have gotten too good at compromising credit card numbers and personal information; and the bank controls to prevent traditional types of online fraud, like carding and those types of operations, have become less productive. You actually see the cost per record of a breached credit card just plummet.”

Mr Coughanour noted that it's essential for the profession to “follow the underground economy to get a sense of what is coming after you next”.

“The big thing for 2016, and I guarantee this will go on for 2017 to 2018, is the uptick in ransomware. That's not going anywhere anytime soon,” he said.

“With that in mind, the biggest risk to the legal sector is really criminal groups becoming hungrier and having to find different targets – and law firms are within that bubble, within that scope, especially with ransomware.

“If you do not have good controls around ransomware, it could be incredibly disruptive to a law firm. It could lead to reputational damage, you could miss filings, and you could lose clients over those types of delays very quickly.”

Mr Coughanour said K&L Gates has combatted the risk of cyber threats by installing a standardised security platform globally.

“Therefore, the security of our Australian offices is exactly on par with our US offices and EU offices,” he explained.

He advised other firms to place value on their cyber security measures to avoid any negative repercussions that come with not having a key strategy in place to mitigate the threats.

“This is a little bit anecdotal for obvious reasons because understandably law firms are not that keen to disclose their actual security posture, but I would say as a general trend, larger firms are more secure even though they have a greater surface area, and they have more operations that might come under attack. They have the resources to deploy teams that can actually guard against it,” he said.

“There's no way that, let's say a firm of 50 lawyers, would ever be able to field a cyber security team that can match what a bank or a Fortune500 company has.”

When asked what should those at risk be doing to decrease their chances of being subject to cyber crime, Mr Coughanour said “That really depends on what their focus area is, their size and what resources they can bring to the table.”

“The first thing to do is really understand your business and understand who might come after it,” he said.

“There's no way that you can defend against every possible threat, every possible scenario, unless you have a little bit of context around who might actually try to interfere with your operations.”

Like this story? Read more:

QLS condemns actions of disgraced lawyer as ‘stain on the profession’

NSW proposes big justice reforms to target risk of reoffending

The legal budget breakdown 2017

Legal profession lagging behind on cyber security front
lawyersweekly logo
Promoted content
Recommended by Spike Native Network
more from lawyers weekly
Dec 14 2017
International arbitration and business culture
Promoted by Maxwell Chambers. This article discusses the impact of international arbitration on t...
Papua New Guinea flag
Dec 14 2017
World-first mining case launched in PNG
Citizens of Papua New Guinea have launched landmark legal proceedings against the country’s govern...
Dec 14 2017
Punishing offenders twice pointless, politicians warned
The president of the Law Society of NSW has warned legislators from other states about adopting cont...
Allens managing partner Richard Spurio, image courtesy Allens' website
Jun 21 2017
Promo season at Allens
A group of lawyers at Allens have received promotions across its PNG and Australian offices. ...
May 11 2017
Partner exits for in-house role
A Victorian lawyer has left the partnership of a national firm to start a new gig with state governm...
Esteban Gomez
May 11 2017
National firm recruits ‘major asset’
A national law firm has announced it has appointed a new corporate partner who brings over 15 years'...
Nicole Rich
May 16 2017
Access to justice for young transgender Australians
Reform is looming for the process that young transgender Australians and their families must current...
Geoff Roberson
May 11 2017
The lighter side of the law: when law and comedy collide
On the face of it, there doesn’t seem to be much that is amusing about the law, writes Geoff Rober...
May 10 2017
Advocate’s immunity – without fear or without favour but not both
On 29 March 2017, the High Court handed down its decision in David Kendirjian v Eugene Lepore & ...