Reformed hacker offers insight into cyber crime


With law firms notably one of the largest targets for cyber security attacks, a former hacker turned security expert has revealed how smaller players, including SME law firms, can properly protect themselves from inevitable threats.

In his youth, American Kevin Mitnick engaged in “pranks” that involved hacking, such as directing friends’ phones to payphones.

“I never did it to make money; I never did it to do any damage; it was all about the intellectual curiosity and the pursuit of knowledge and the adventure for me and the fun. Eventually, fast-forward, I got myself into a lot of trouble,” he told Lawyers Weekly’s sister publication, MyBusiness.

That trouble was with the US Federal Bureau of Investigation (FBI). Yet getting caught has led him to a lucrative career consulting some of the world’s biggest companies and governments on how to better protect themselves online.

Mr Mitnick said smaller businesses, including law firms, are a primary target for hackers and cyber thieves.

“Usually small businesses don't have the resources or the budget to actually deal with security,” he said.

“Normally, they don't even have an IT department; what they do is they have some IT guy set up a couple of servers at the company, maybe some desktops, maybe some laptops, configure everything, get everything up and running, then the consultant goes on to his next gig.

“So what happens is these small businesses end up being what we call the low-hanging fruit, and easier targets to attack.”

Mr Mitnick said there are steps smaller players can take to better protect themselves.

“It's basically layered security controls. Each business is different, from what they have to protect and how to protect it,” he said.

“But essentially, looking at what are the important assets of a business and how can we segment those assets off on the network and putting up layered security controls between users and sensitive IT assets, whether it's customer lists, access to the CRM system, whether it's manufacturing information like the formula for Coca Cola or whatever you want to call sensitive within your company, and layering security controls.

“[This is important] not only to prevent a bad guy from breaking into the system, but also to detect, so that if one or more persons have compromised the business, that those persons can be detected. For example, if you have an intrusion detection system, it's not going to be very useful to the business unless it alerts and logs anomalies, and in some cases I find businesses don't even inspect the logs.

“So one of the processes that would help the business have a better or more mature security program, is assigning some employee the responsibilities to inspect logs, to see if there is something that needs to be further investigated.”

Mr Mitnick noted that many SMEs, including smaller law firms, make mistakes that they are unaware of, impacting their security protection as a result.

“A lot of times I come across clients that make simple mistakes. For example, there is a company that is a retailer that I recently tested their security, and I found out that inside the retail store this company had printers, and the printers were on the corporate network. And I figured out that these printers actually had the default passwords that the printers came with, that the company never bothered to change them, and because of that we were able to leverage the printers to get further access into this client's network,” he explained.

“These companies are hiring us to break into their systems and networks, usually with a higher level of sophistication, but we do look for common mistakes that businesses make – like, for example, not changing default passwords – that we could bring to the client's attention to obviously shore up their defences.”

If a suspected breach occurs, Mr Mitnick has some key advice.

“Do not shut the system off! The first thing to do is unplug it from the internet, and then probably call a security professional that knows what they are doing, because you want to collect any sort of evidence and try to hopefully track back the intruder,” he said.

“Also, you can lose valuable data on what the bad guys were doing if you shut down the system. So the first thing that businesses should do in the event that they think they've been compromised, they should reach out to a professional security company to do the assessment for them – it's not the type of task that you could just run like your anti-virus software and try to find out what some intruder was up to.” 


