It’s clear that big banks provide a lot of incentive for hackers to launch cyber attacks, given the amount of sensitive data they hold and the cash they oversee. But banks aren’t the only entities hackers are targeting. The law firms that represent financial institutions are also subject to attacks, and as a result a group of law firms is banding together to share security data in order to prevent attacks, according to a New York Times report.
The data held by law firms is a treasure trove for hackers because it includes some of the most secretive aspects of companies, including their business operations, deal making and legal disputes. However, the general public may not be aware of law firm hacks because the firms are private entities and don’t have to abide by the same set of rules as public companies, especially when it comes to disclosing their breaches.
The Times report states that both banks and law firms have been working to create a separate legal group that would be connected to the Financial Services Information Sharing and Analysis Center, which acts as the meeting ground where financial entities can share and analyze security related information. A similar group for law firms could form by the end of 2015.
Supposedly, a half-dozen law firms were hacked over the past couple of months and the security company Mandiant has been working with these organizations on the breach, the Times reports, citing an unidentified source.
There’s not a lot of information out there as to the specifics of the cyber attack, but the Times reports that Mandiant recently said during a conference that “many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations.”
Sharing security data between organizations appears to be a trend, with President Obama recently signing an executive order calling for businesses and the Federal Government to create some kind of hub where they can exchange information.
Additionally, [company]Facebook[/company] just released its own collaborative threat detection framework, which includes a number of tech companies pledging support, including Pinterest, [company]Yahoo[/company], [company]Twitter[/company] and Dropbox.
What separates the proposed law firm information-sharing group and Facebook’s threat-detection framework from what President Obama is calling companies to establish is the fact that, as far as we know, law enforcement will not be participating in both projects. The White House wants the government to be a part of these data-sharing endeavors, under the premise that it has valuable information, but if organizations want that data, they’ll have to pony up their own.
But privacy concerns in light of the Edward Snowden leaks have caused tech companies to be wary of disclosing information to the government, and in a telling sign, Facebook, [company]Google[/company] and Yahoo chose not to participate in the White House’s Summit on Cybersecurity and Consumer Protection held in Stanford a few weeks ago.