I recently participated in an intimate meeting between a U.S. intelligence agency cyber-attack investigator and a law firm client’s senior committee to prevent cyber-hacks into their firm’s digital network. We set-up the meeting and worked with our client and the intel agency for this proactive conversation to hear about the latest trends in cyber-crime. The intel agent said it is remarkably rare that professional services firms or other businesses dealing with sensitive data proactively take advantage of its free consultation. The firm was already doing everything recommended to prevent hacks, and had not experienced a successful hack, but the conversation was still stunning.
The agent warned that cyber-criminals are constantly trying to breach the defenses of law firms and other business’ dealing in sensitive financial data, and I mean trying constantly. The well-known firm we were visiting in DC confirmed it registers tens of thousands of spear-phishing attempts every year and the intel agent agreed that number is not unusual for a law firm, especially one involved in M&A work, or for active law firm clients.