You Can't Just Prevent Cyberattacks, You Need to Detect Them Too
Article by: Casey C. Sullivan, Esq.
You want to protect your firm and your client data from cyberattacks. An ounce of prevention, as they say, is worth a pound of cure. But prevention is only one part of a full cybersecurity plan.
Detection is just as important. After all, if you can't tell when someone's gotten through your defenses, you can't properly respond to a cyberattack. And for many organizations, detection is a serious weakness. Most companies don't recognize that their data has been breached until months after the event.
Prevention, Detection, Reaction
Being able to detect cybersecurity events is a crucial part of any robust security plan. Mark Lanterman, CTO with Computer Forensic Services, gives a fitting analogy over at Lawyerist. Think of your firm's network as your house. Your preventative measures, such as your firewall, are the fence. Your ability to detect intruders is represented by your door. And your home alarm system is how you react to intrusions. If this were your house, you wouldn't focus on prevention alone, building a giant fence but leaving your door ajar.
The reason the detection layer is similar to a house's front door is that its effectiveness largely depends on individuals. Once an attack has gotten past the fence, it takes IT departments and employees to spot something wrong. You can have the most secure front door, but if someone leaves it open or forgets to lock it (or doesn't know how), it is virtually worthless.
But most organizations aren't very good when it comes to locking their doors or detecting intrusions. Financial firms take an average of 98 days to detect a data breach, according to a 2015 cybersecurity report by the Ponemon Institute. Retailers were worse, taking 197 days. The data didn't cover law firms, but from what we know about some law firms' cybersecurity, the legal industry probably isn't winning any awards for quick detection.
A Quick Intro to Detecting Cybersecurity Incidents
So, you know you need to be able to detect intrusions, but how do you actually go about it? Your particular methods for detecting cybersecurity events will depend on your internal security system, but the webinar below, from F-Secure, provides a helpful, general intro.