Cyber risk: A real and ever-present threat to your legal department
High-profile ransomware cases make for eye-catching headlines, but beware thinking, “But that isn’t us. These cybercriminals aren’t interested in lesser-known businesses like ours.”
The evidence says otherwise. Big companies get the press, but cyberattackers are willing to compromise the knowledge assets or customer information of any organization that might pay to protect them. When the leading cybersecurity firm, Sophos, surveyed 5,400 IT managers across 30 countries, they found that 37% of organizations were hit by a ransomware demand within the last year.
And many of these demands are being met. Exchanges and other financial institutions reported more than $590 million in payments tied to ransomware attacks to the Financial Crimes Enforcement Network (FinCEN) in the first half of 2021.
The ever-present danger
Whether your industry is insurance, entertainment, healthcare, financial services, government, retail, or any other area, if your organization stores or processes data that you are legally required, ethically obligated or financially motivated to protect, cybercrime is an ever-present danger. Rationalizing that your business is safe because you don’t believe it is headline-worthy could be a fatal mistake.
The ease with which ransomware crimes are now perpetrated using ransomware as a service (RaaS) should concern everyone. Legal departments are a prime target for cyberattacks due to the sensitive nature of the information they hold, which may include documents on internal operations and contractual agreements with other companies. If exposure of the data on your servers to the dark web, or its sale to the highest bidder, makes you the least bit uneasy – and it should make you very uneasy – then it makes good business sense to safeguard it.
The need for cooperation across teams
Protecting your data from cybercrime is a 24/7 proposition. Your risk is only limited by the degree to which your data is secured. Information security (or InfoSec) teams and corporate legal teams can collaborate on taking all possible steps to mitigate risk and stay ahead of the evolving threat.
But first, the InfoSec team needs to understand why protection is necessary and what kind, and the corporate legal team needs to understand the nature of the risks and how their data is protected. Cooperation across these teams should also help to ensure that the technologies used to protect sensitive data are, in fact, helping to avoid data breaches, as well as to facilitate regulatory compliance.
Our white paper, Ransomware and the Changing Security Threat Landscape, takes a deeper dive into the growing synergies between legal and cybersecurity teams and the key role that members from each of these teams can play in advancing the organization’s objectives.
An integrated solution that doesn’t impede adoption
Any risk mitigation effort must aim to reduce the complexity of IT management without sacrificing capabilities. Maintaining the strongest data security protocols requires a solution that protects against cyberattack on multiple levels, and the strongest security is in an integrated solution that doesn’t impede adoption by requiring end users to perform additional steps to activate protections.
The iManage platform allows unhindered collaboration and productivity, bringing a comprehensive and layered approach to security with high-availability disaster recovery, sophisticated access controls, usage analytics, and improved data governance.
Learn more about the threat of ransomware, RaaS, the importance of corporate legal teams and InfoSec teams working together to reduce the threat, and how iManage can ensure that your organization remains a secure steward of its knowledge work while delivering better business outcomes. Download the white paper, Ransomware and the Changing Security Threat Landscape.
About the author
Manuel Sanchez
Manuel Sanchez is Information Security & Compliance Specialist at iManage with extensive professional experience in information security, governance, and compliance.