Anyone working within or for the legal sector know that legal professionals today are under a lot of pressure to be more responsive, more efficient and more cost-effective. This is all set against a backdrop of rising security threats and more technology options than ever before.
Here at Virtuoso we spend a lot of time talking about Microsoft 365 and Office 365. In fact they make up the foundation of many of the services we provide to our customers.
You may have seen that we recently posted a short piece about our approach to Managed IT for the legal sector - one of the key points discussed was our focus on Microsoft and Citrix technologies. In this week’s blog I want to look into this area in a little more detail.
Our blog this week takes a look at a common misconception among some SMEs - that their business are so unique that they need specialist software and/or specialist support for it to be effective. However, we here at Virtuoso have learnt through experience that this is often not the case and the following account is a prime example of where the cloud might just be the easiest way to hit your IT infrastructure objectives.
A few weeks ago we wrote in one of our blogs, cyber-security-lessons-for-law-firms “….for law firms the safety and security of their own and clients’ data is not only a legal and compliance requirement, it is also essential to their….survival.”
Why are law firms such an attractive target for hackers?
This is a question worth considering because the reasons behind the hacking of law firms can serve to better illustrate the security needs peculiar to law firms.
Take the example of New York law firms Cravath Swaine & Moore and Weil Gotshal & Manges. According to reports in the Wall Street Journal and Fortune during 2016 both these prestigious firms were hacked in an insider-trading scheme that involved planned mergers. The motive was clear, financial gain. And what better way to get information about future corporate mergers than to target firms active in the M&A market. Both firms it should be said denied that there was evidence of anyone benefiting from the hack although they did not deny that there had been a hack.
In 2012 Bloomberg reported that Wiley Rein, one of the largest law firms in Washington, DC was hacked - reputedly by Byzantine Candor, linked to the Chinese People’s Liberation Army. Of course accusations of cyber attacks by nation states are easy to make but harder to prove. At around the same time twenty other companies including nine law firms were hacked by the same or linked groups. The motive was apparently industrial espionage and the reason these specific law firms were targeted is instructive to consider.
All the law firms hacked were engaged in activities relating to China: pursuing trade claims on behalf of US firms against Chinese exporters or acting on behalf of oil & gas companies drilling or bidding for drilling rights in seas near or claimed by China. In the case of Wiley Rain the firm was acting on behalf of SolarWorld which at that time was also hacked by the same group (Byzantine Candor). Why?
SolarWorld was scaling up for mass production of Passivated Emitter Rear Contact (PERC) solar cells, one of the first manufacturers in the world to do. At the same time they were fighting a trade case against the importation of solar cells from China citing unfair competition. Engineering and other IP was stolen and coincidentally a Chinese solar cell manufacturer brought a PERC solar array to the market 18 months before they were expected to do so.