Research Paper - revised draft

ad2

ResearchPaperResponsenotes.pdf

Home >English homework help >Research Paper - revised draft

Cybersecurity and Policy

Kafayat Omotayo

WRTG 112

UMGC

02/15/21

Commented [DW1]: Good cover page.

Table of Contents

Abstract ........................................................................................................................................... 3

Introduction .................................................................................... Error! Bookmark not defined.

Research Question ......................................................................... Error! Bookmark not defined.

Overview .................................................................................... Error! Bookmark not defined.

Standards .................................................................................... Error! Bookmark not defined.

Definitions .................................................................................. Error! Bookmark not defined.

The potential threat of a cyberattack on a law firm ................... Error! Bookmark not defined.

Law Firms’ Cyber Risk .................................................................. Error! Bookmark not defined.

Cyber Risk Cost Assumption and Attacks ................................. Error! Bookmark not defined.

Cyber enforcement issues for the law firms .................................. Error! Bookmark not defined.

Surveys ........................................................................................... Error! Bookmark not defined.

Prevention ...................................................................................... Error! Bookmark not defined.

Recommendations .......................................................................... Error! Bookmark not defined.

Conclusion ..................................................................................... Error! Bookmark not defined.

References ....................................................................................................................................... 8

Abstract

With the evolution of technology, all businesses use the internet and other smart devices for smooth operations in their business. The advanced use of the internet and technology has brought many security issues for businesses. This paper focuses on the current threats faced by law firms in terms of cyberattacks. An insight is provided on how law firms can be threatened by different actors for information. A survey approach has been used for collecting data for this paper. Keywords: Cybersecurity, Law firms, Threat Actors, Information Introduction

While firms around the world are forced continuously to enhance the complexity of their risk reduction strategies, cyber-attacks are growing steadily. A study by Lab's panda in Q3 2016 only took another 18 million malware tests. In 2017, a further report from the Division of cybercrime and intellectual property was carrying out more than 4,000 Ransomware attacks daily (CCIPS). That's 300 percent more than 2015, with 1,000 ransomware attacks every day. Several studies indicate that technology has two effects—connecting the globe and simultaneously enabling cyber-attacks. In 2016, it was discovered for the very first time in history that cybercrime has taken over traditional crime by UK National Police Department and other organizations (Alwan, 2018). In today's fast-moving dynamic environment, all the business is using the internet for smooth functioning and maintains competition in the business world. Ensuring the safety of the data has become the prime motive of all trades. Similarly, the relevance of cyber protection for their customers and the status of the company have begun to be understood by law firms. One of the chief duties of the law firm is to ensure the protection of client's private legal information. There are several kinds of cybersecurity research; however, very little research has been offered on security issues in law. One of the greatest cybersecurity faced by law firms includes data breaches and ransom-hack attacks (Stark, 2021). Research Question How do threat actors obtain classified information from a law firm? Overview Standards

The main aim of the National Institute of Standards and Technology (NIST) is to offer an overview of how different institutions, states, or nations understand or approach "cyber-attacks." A cybersecurity policy for the European Union is being developed by the European Network and Information Security Agency (ENISA) to aim for continuity across Europe, across different international boundaries, across national borders and industries. For EU companies to comply with their cybersecurity pledge and regulation conformity, ENISA works toward harmonized standards. Homeland Security also offers a cross walking cybersecurity NIST system that provides a comprehensive checklist to classify the terms.

Commented [DW2]: Formatting: be sure to check the guidelines for the formatting. While this might be useful for some arenas, this course is aimed to familiarize you with the formatting you’ll be using in future courses (unless they request otherwise). You do not need a Table of Contents or Abstract, and the sections (introduction, body, conclusion) do not get their own headers.

Commented [DW3]: This could work as a thesis if it is slightly re-worded; your thesis should take a stance/position on the issue, one that is arguable. See the examples in our course readings for more, and develop a strong thesis here in the introduction.

Commented [DW4]: Great citing.

Commented [DW5]: Instead of these headers and sections, we need body paragraphs that each support your stance and begin with a topic sentence. See above.

Definitions Cybercrime, as stated in the Tallinn Manual on International Law for Cyber Operations,

is defined by the Australian Government under the Commonwealth Penalty Code Act 1995 as computational crimes involving unauthorized entry, modification, or disruption of electronic communication. Austria offers a wide-ranging description of cybercrime as "illegal cyber-space attacks on and through ICT systems defined by criminal or administrative laws," Includes, as well as internet crime, any crime committed through IT and communication networks. In the US and Russia, common definitions are followed: cyberspace use in conjunction with domestic or international legislation for criminal purposes. Although cybercrime is unified, law enforcement, including Interpol, is typically distinguished between the two main forms of internet-related crime: advanced (or hi-tech) cybercrime such as sophisticated hardware and software attacks and cyber-enable crime, wherewith the onset of the internet, many "traditional" criminals have changed their course (Alwan, 2018). The potential threat of a cyberattack on a law firm Malware: This software helps in breaching information systems. By clicking on a link, one can install this software on their system. Spyware, ransomware, and malware are some of the examples of this program. Malware will obstruct the company's access. Also, it can copy all the information of the firm into a drive. Ransomware enables the hacker to lock the employees or owner out of the system until the firm pays the ransom to the hacker. Phishing: The hacker acts as an authentic firm or company and tries to steal private information and login passwords. A MITM (man-in-the-middle) attack: The hacker captures and transmits messages to two parties who believe they communicate with each other; this scam is also known as a scooping attack (Mayo, Mayo, Spencer, Spencer & Spencer, 2021). Law Firms' Cyber Risk Cyber Risk Cost Assumption and Attacks

In the retention agreement, cyber protection is changing and is now more than a technical challenge or an added clause. This was the greatest risk facing law firms in 2017, for example - A massive cybersecurity infringement, later related To an insider trade of $4 million-plus scam, was endured by Cravath, Swaine and Moore, and Weil Gotshal&Manges, two of US's biggest law firms. In July 2016, their little Philadelphia business, the computer system – Greseng Law – was infested by malware. Their outsourced IT supplier, Integrated Microsystems, was contacted. Jessica L. Mazzeo stated, "We caught it almost immediately". While Chief Operating Officer at Griesing Law stated that "We took down our network and ran virus software on every computer in the firm. Once we located where the virus originated, we wiped the hard drive." This incident was a revolution in law firms. Lawyers took a different approach in dealing with emails and websites (Alwan, 2018).

Commented [DW6]: Be sure to see the above notes—this needs to be formatted into an essay.

Cyber enforcement issues for the law firms Unlike any businesses law firms are prone to breaching and quite a lot of them have a

requirement of pre-breeching safety. If a problem emerges, a corporation will be far superior to its customers, its government regulations, or compliance organizations, if the firm can illustrate the following (1) Their protection agenda is consistent with best practices, (2) have active management, (3) All the procedures and applications are being followed well, and (4) Adequate tools are involved in detecting malware and illegal activities. The lack of investment in cybersecurity is one of the biggest issues. Many legal professionals (lawyers) describe costs as an important factor in the planning of cyber-attacks, why law firms fall behind. At least up-to- date software is needed for an efficient cyber risk program and is very expensive for all law firms. Law firms have never been highly technical and are now pressurized to upgrade their systems, as company breaches are being publicized by news and consumers are increasingly asking about protection (Heikkila, 2009). In New York at the beginning of 2012, the FBI released notices to businesses to discuss the possibility of infringements and misuse of consumer data. Alan Paller, the research director for the Cyber Training SANS Institute, disclosed at the same time that he had a wonderful conversation with associates from a New York corporation, told the FBI that they had all their consumer records were stolen (Alwan, 2018). Surveys

In the areas of personal injuries, housing, tax, and intellectual property, law firms serve as custodians for intensely sensitive details for their customers. It is therefore important to maintain appropriate procedures for cybersecurity to guard the information and maintain the trust that consumers put in them. Breakdown of this process results in degradation of the company's reputation and severe consequences for clients. Several cases are depicting the above scenario. For example, in the year 2020, a file was hacked in September, having the information of 9 employees. All the important and personal information like name, phone number, email address, passport number, social number, and other important details that could be used as identity theft. To recover all the employees from the cyber hack, the law company had to pay free credit monitoring service to all its client's employees. It is estimated by the American bar association that almost 29% of respondents on the survey have faced cyber threats related to data breaches. But only 34% of firms are maintaining the plan of cybersecurity incidents ("2020 Cybersecurity", 2021).

A survey of dark-web activity stated that how actors monetize their abuse of law firms (screenshot in appendix 1). This is accomplished largely by the hacking and resealing of a law firm's data. For example, in the given (Appendix1) on June 14, 2020, on the forum Dark Web, the risk player "pirate cap" proposed to trade. The approach of a domain manager level to a law firm offered at the USD 24 million in revenue, where the opening offer was USD 500 (Andariel, 2021). Another such example can be seen in appendix 2. On October 28, 2020, a risk factor "whisper". With the message, they give a business in the area of corporate law and advocacy access to 25 hosts on the network of the target company. This is likely to be a considerably higher access standard from the 25 hosts to the starting request of the USD 1,000. This would cause great harm to the law firm (Tyler Combs, 2021).

Commented [DW7]: Sentence fragment—overall, I’m seeing a lot of sentence issues, mostly revolving around wording that is hard to understand. Be sure to proofread carefully.

Commented [DW8]: This is another example of a fragment.

Prevention

Although the cybersecurity of law firms is seriously threatened, there is clear action that is vital for law firms to take to defend themselves. As stated earlier, a 2020 cybersecurity study from the American Bar Association found that incident response plans were in place only for 34% of the respondent of law firms. Therefore, business monitoring and cyber-attack recovery protocols are a valuable starting point. If lawyers do not know how to speak when a suspicious email is opened or major files are lost, and nobody is responsible for fixing these problems, a company is opening up to simple manipulation.

A cognitive approach to cybersecurity: This is another approach that can be brought into practice. In this various approach to cybersecurity is defined. It is motivated by human cognition to learn diverse information. In Oxford's dictionary, awareness is characterized as "the mental action or process of acquiring knowledge and understanding through thought, experience, and the senses".

One new feature of our frame is its capacity to assimilate complex textual information and combine it with wrongdoing, identification of known and unknown attacks. With written sources, the key problem is that the knowledge may be incomplete and is for human use (Narayanan et.al, 2018). However, trained individuals must be aware of constructive cyber safety to avoid attacks in the first place. Most of the cybersecurity workers at big corporations (those who hire over 100 lawyers) have been dedicated for this purpose, although this figure is dropping dramatically as the size of the businesses reduces. However, whatever the scale it is, workers must grasp simple security procedures. Cybersecurity requirements can differ greatly according to the size and capabilities of the organization. For certain businesses, this would also include instruction in activities such as efficient login credentials protection, fraudulent email detection, and other cheap and typical prevention. Because of the comparatively few law professionals with IT backgrounds, this is especially required. Last but not least, law firms must be kept updated on the cyber challenges they face. Via the loss prevention services of AdvIntel, businesses may have access to specialized, proprietary sources of knowledge on risks. By detecting prominent botnets associated with ranch bands and analyzing DarkWeb markets, AdvIntel, and our Andariel network, law firms are provided with real-time information on their most volatile and active risks. Our approach to intelligence gathering and research is to help law firms retain a strategic advantage over the risks that are meant to manipulate them, and we view the legal industry as one of our focus industries.

Commented [DW9]: This is an example of a sentence whose wording doesn’t quite make sense. “There is clear action that it is vital” is hard to understand. Be sure to proofread the document carefully.

Commented [DW10]: This is another example.

Recommendations Apart from the aforementioned research, further investigation in this emerging field is

recommended. The first review paper to be established from this research work can be developed considering other similar legal sectors, including businesses or application service providers for law support programs. For instance, a sample of cybersecurity feedback may be analyzed and compared with legal firms and can be used to detect if the protection of corporate laws is perceived differently. Conclusion

Following an impact assessment and liability on all possible kinds of risks to data privacy, it seems like the most important lesson to be learned from past company violations is that cyber policy and regulatory processes are not consistent, successful, and consistent. This emphasizes the need for a comprehensive cybersecurity solution. Law firms should not only comply with the regulatory checklist but should also make a list in its entirety and go above what regulators expect to secure not only their data but also the data of their clients. Policymakers must now evaluate and enforce the regulations that have been checked in these studies to guarantee that the internet is more protected to protect their clients.

Commented [DW11]: I’m not sure what you mean here— you are repeating “consistent.”

References

John Reed Stark. 2021. Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm

Executive Committees. Retrieved 15 February 2021, from

https://www.johnreedstark.com/wp-content/uploads/sites/180/2016/04/Law-Firm-

Cybersecurity-Guide-Final-PDF.pdf

Alwan, H. (2018). Policy Development and Frameworks for Cyber Security in Corporates and

Law Firms. International Journal Of Legal Information, 46(3), 137-162. DOI:

10.1017/Jul.2018.41

Mayo, V., Mayo, V., Spencer, K., Spencer, K., & Spencer, K. (2021). The Role of Cybersecurity

in the Legal Field. Retrieved 15 February 2021, from

https://www.biggerlawfirm.com/the-role-of-cybersecurity-in-the-legal-field/

Faith M. Heikkila. (2009). An Analysis of the Impact of Information Security Policies on

Computer Security Breach Incidents in Law Firms. Retrieve at

https://core.ac.uk/download/pdf/51097899.pdf

S. N. Narayanan, A. Ganesan, K. Joshi, T. Oates, A. Joshi, and T. Finin. 2018."Early Detection

of Cybersecurity Threats Using Collaborative Cognition," IEEE 4th International

Conference on Collaboration and Internet Computing (CIC), Philadelphia, PA, 2018, pp.

354-363, DOI: 10.1109/CIC.2018.00054.

Commented [DW12]: Alphabetize by first letter in the entry. O

Commented [DW13]: Be sure to use APA format—the last name goes first.

Andariel. (2021). Threat Prevention. Retrieved 15 February 2021, from https://8dfd1b9a-1d6d-

4233-af4b-

26b0945b72b9.filesusr.com/ugd/0e8cc9_a30a4def495049a28c511e92ef29959d.pdf

Tyler Combs. (2021). Retrieved 15 February 2021, from https://www.advanced-

intel.com/post/breach-of-trust-how-threat-actors-leverage-confidential-information-

against-law-firms

2020 Cybersecurity. (2021). Retrieved 15 February 2021, from

https://www.americanbar.org/groups/law_practice/publications/techreport/2020/cybersec

urity/