Cybercriminals Disdain the Law, But Find Law Firms Attractive



Posted on September 12, 2023



Law firms are known for conservatism, discretion and an ironclad commitment to protect their clients. It is therefore surprising that law firms are not always at the forefront of cybersecurity when it comes to protecting the sensitive data they hold from breaches and cyberattacks.

The most infamous data breach involving a law firm occurred in 2016. Mossack Fonseca, a Panamanian firm, specialized in helping other lawyers and investment advisors create offshore shell companies designed to shelter wealthy individuals’ bank accounts, real estate, private jets and luxury yachts from tax authorities. When over 11 million Mossack Fonseca documents were disclosed to journalists, the repercussions were global. Iceland’s prime minister resigned when it was revealed that he had millions in Icelandic bank bonds stashed in offshore companies while his government was negotiating with the banks’ creditors. The prime minister of Pakistan was disqualified by the country’s supreme court after it was discovered he had shell companies holding millions of dollars in London real estate. Mossack Fonseca never recovered from the negative publicity and shut its doors in 2018.

It was never determined whether the leak was the result of a hack or an insider’s work. Either way, the firm’s cybersecurity clearly was not commensurate with the sensitivity of the information that the firm handled.

More recently, Orrick, Herrington & Sutcliffe was slammed with a class action lawsuit for a data breach in which sensitive personal information was disclosed. Over 152,000 individuals who were insured by Delta Dental and EyeMed Vision Care – Orrick, Herrington & Sutcliffe clients – were impacted by the breach. The lawsuit claims,

“In short, thanks to Defendant’s failure to protect the Breach Victims’ Personal Information, cyber criminals were able to steal everything they could possibly need to commit nearly every conceivable form of identity theft and wreak havoc on the financial and personal lives of potentially millions of individuals.”

Why Are Law Firms Attractive Targets?

In an article on Cybersecurity for Law Firms, the American Bar Association posits some powerful reasons why law firms are popular targets for cybercriminals:

  1. “One stop shopping.” Since law firms generally hold valuable information on many different companies and entities, breaching their systems is an efficient way for cybercriminals to maximize “return” on effort invested.
  2. Law firms’ security measures may be less sophisticated than those of their corporate clients.

As the ABA put it, “more data + easier access = prime targets.” Why wouldn’t a cybercriminal give law firms a try?

Typical Attack Mechanisms

While the opportunity law firms present to cybercriminals may be unusually attractive, the methods by which they are typically attacked are depressingly familiar. Attack vectors that can cause headaches for law firms include:

  • Web browsing. Palo Alto Networks researchers found that 75% of ransomware attacks in 2022 began with a visit to a malicious website.
  • Weaponized email attachments. While less popular with cybercriminals than in the past, infected email attachments triggered an estimated 12% of ransomware attacks in 2022.
  • Stolen credentials. Using stolen credentials, cybercriminals can log onto enterprise networks and apps and work from within to exfiltrate data or implant malware. Stolen credentials are freely available for purchase on the dark web.
  • Software vulnerabilities. Many organizations, law firms among them, are not meticulous about keeping their software up to date, leaving them vulnerable to attack. And even firms that apply patches promptly are susceptible to “zero day” exploits, which target newly discovered vulnerabilities for which patches have not yet been issued.
  • Trusted insiders. Data breaches may be initiated by a disgruntled employee or other insider. Cybersecurity must include measures that restrict the ability of an insider to “go rogue,” rapidly uncover suspicious behavior, and limit the damage that an insider can wreak.

Cybersecurity for Law Firms

Given that law firms hold sensitive data about numerous companies and individuals, it only makes sense for law firms’ cyber defenses to be at least as strong as those their clients deploy, if not even stronger.

The corporate world is rapidly transitioning to Zero Trust cybersecurity, which treats every user, every website, every transaction as potentially dangerous. Zero Trust security solutions restrict user access to data, apps and app functionality to the minimum they require to get their work done. And they require all resources to be authenticated and validated as safe before enabling access.

Ericom solutions make Zero Trust capabilities easy to implement and manage, and they integrate easily with existing security stacks. Solutions include:

  • Isolation-powered Ericom Web Isolation applies Zero Trust security principles to the web – the delivery vector for the majority of cyberattacks. It leverages Remote Browser Isolation (RBI) to create an airgap that keeps potentially malicious website code and attachments away from user devices. Even if a user clicks on a malicious link, malware is harmlessly deployed in a cloud-based container.

Websites launched from links within emails can be opened in “read-only” mode to prevent users from sharing credentials on spoofed phishing sites. Content Disarm and Reconstruction sanitizes all attachments within the cloud before downloading them to the user device.

  • Web Application Isolation (WAI). Using the same cloud-based isolation technology as RBI in reverse, WAI airgaps interactions with law firm applications to protect them from malware and prevent loss of sensitive data. This is particularly important for firms that allow users to access the firm’s web or private applications from their personal devices, or employ third-party contractors who access firm applications from devices that are not managed by the firm’s IT team.

Within the Ericom cloud, WAI applies policy-based controls to enforce least privilege access and prevent exfiltration of sensitive data, as well as airgapping networks, data and applications from user devices to prevent malware infection.


Law firms are attractive targets for cybercriminals because they hold a wealth of valuable information from multiple clients in an IT environment that may be less secure than the networks of the clients themselves. By moving to state-of-the-art Zero Trust cybersecurity, law firms can rest assured that their clients’ confidential data is just as secure as it is on the clients’ own networks and in their applications.


About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.
