Law Firms and Wall Street Team Up on Online Security

Wall St. and law firms plan cooperative body to bolster online security (NYT, 23 Feb 2015) – The threat of ever-larger online attacks is bringing together Wall Street banks and the big law firms that do work for them in an alliance that could result in some sharing of basic information about digital security issues. For nearly a year, banks and law firms have discussed setting up a legal group that would be affiliated with the banking industry’s main forum for sharing information about threats from hackers, online criminals and even nation states – the Financial Services Information Sharing and Analysis Center. Several people briefed on those discussions said those talks would most likely lead to the establishment of such a group by the end of the year, a recognition that hackers are increasingly focusing on big law firms to glean information about their corporate clients. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. Over the last several months, Mandiant, the security firm that is a division of FireEye, has been advising a half-dozen law firms that were the subject of a breach, said a person briefed on the matter who spoke on the condition of anonymity. Mandiant, during a recent presentation at a legal conference, said many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations.
The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. And while the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. [Polley: I’m helping the ABA assess whether/how it might facilitate similar ISAC-like activities; we fear that most firms (other than the very largest) wouldn’t grok the value-proposition. Reactions?]


Provided by MIRLN
