Exploring data security in the legal sector and beyond
BitSight analyzed the Security Ratings of more than 20,000 organizations in six industries – Finance, Legal, Healthcare, Retail, Government and Energy. The objective was to highlight quantifiable differences in security performance across industries from the past 12 months and identify areas of cybersecurity risks.
“Legal service providers have access to a company’s intellectual property, financials, strategic plans, and private employee information. In addition, law firms are one of the most widely-used third party service providers across the world. The impact of a breach on a law firm could be severe for not only the firm, but also their hundreds of clients,” said Stephen Boyer, CTO of BitSight.
“Legal firms, as a sector, are performing in line with the retail industry, which, as we have seen in the headlines, have been and continue to be targeted by attackers. In 2017, we expect to see more attacks on legal service providers, fueled by the desire to acquire sensitive data and to attack the firm’s clients. Companies cannot neglect legal services providers in the efforts to continuously monitor the security performance of their third party ecosystem.”
Key findings:
- The Legal sector had the second highest percentage of companies with a security rating of 700 or higher, only trailing Finance and in-line with Retail.
- More than 60 percent of organizations examined from the Legal sector are exposed to DROWN, a major communications protocol vulnerability, specifically affecting the SSL/TLS protocol.
- Bedep is the most common machine compromise across all industries examined. Government, Energy/Utilities, and Healthcare sectors saw the highest rates of this botnet.
- Nearly 80 percent of organizations across all industries examined are exposed to Logjam or POODLE, both of which are major communications protocol vulnerabilities, again specifically affecting the SSL/TLS protocol.