

Airlock Digital and Securite Presents – Application Whitelisting and The Essential Eight
Aug 12, 2020 11:00 AM SYDNEY TIME
With the advent of the global pandemic, there has been a massive uptick in cyber threats directed towards organisations and government entities. The ACSC and the Australian government have created the Essential Eight framework that outlines mitigation strategies that organisations can adopt to protect themselves from cyber risk. In this short and sweet webinar, we will cover
and more.
Law firms in Australia, including international offices of major law firms, are increasingly being asked by their clients and prospective clients to show they adhere to the ASD Essential 8 cybersecurity framework before gaining work mandates. The ACSC requires all Local, State and Federal government and agencies to only deal with Essential 8 compliant firms.
The Law Council of Australia recently outlined that a successful cyber-attack may have severe consequences for your law practice. Cyber-attacks have most notably caused damage in the following areas:
One unnamed CISO at a global firm recently said “My head office in the UK doesn’t know what the Essential 8 is, however my partners locally need me to demonstrate we are adhering to the framework or they won’t win Australian government business. We don’t do Application Whitelisting so I need to get cracking on implementing it outside the global firm’s security policy which they have approved me to do locally”.
While statistics on law firm hacks and data breaches are not easily found because incidents often go undisclosed, some prominent recent ransom hacks of law firms and their clients’ data made headlines.
In May 2020 hackers hit A-list law firm Grubman Shire Meiselas & Sacks of New York, whose clients include Lady Gaga, Drake, Madonna, Rod Stewart, and Robert De Niro. The hackers claim to have 756 gigabytes of data including contracts and personal emails.
A $42-million ransom demand came from a criminal group called REvil threatening to release damaging documents.
On May 29, 2020, in California, IP law firm Vierra Magen Marcus had data stolen relating to major businesses. Screengrabs purportedly posted on the dark web by REvil show folders listed under the IP firm’s name alongside an index note of high-profile organisations including the US Navy, ExxonMobil, L’Oreal, Nissan, Daimler Chrysler, Honeywell and LG Electronics, as well as other well-known businesses. One of the screenshots refers to an archive download of 1.2TB.
The group’s objective was to prove to the company that they had access to the network and to scare them into paying.
In June 2017 DLA Piper LLP, one of the largest law firms in the world, was hit by a ransomware attack that infected hundreds of thousands of computers across their platform globally. The global cyber event encrypted all affected files and requested a ransom of $300 in bitcoin to regain access or avoid threat of deletion. It took the firm at least 6 months to rebuild its IT capability, costing millions.
The ASD Essential 8
Small and large firms, including the local offices of global firms, can still enact measures in the ASD Essential 8 such as application whitelisting, privileged account management and multifactor authentication, and train employees to spot phishing attempts. All it takes is one malicious phishing email to be clicked on by an employee. That bad actor has then gained the username and password for that employee and circumvented the firewall, and they are into your data.
While companies often claim to have been victims of a ‘highly sophisticated cyberattack,’ the reality is that, in many cases, the attacks only succeeded because basic best practices were not followed. “Problems such as weak passwords, a lack of multi-factor authentication and non-patching are, unfortunately, all too common.”
If it’s good enough for the government to insist on adhering to the Essential 8, it makes good sense to implement the framework and for all your clients to know that you are following this best cyber security practice.
Can your firm afford the reputational damage of a client data leak, not to mention the financial cost of remediation of a Distributed Denial of Service attack or a ransom demand?
As a law firm IT administrator juggling a lot of hats, come and have a professional consultation with Securite on how we can help harden your cyber security posture and comply with the ASD Essential 8, using the latest cost-effective solutions with minimal disruption to your job and firm.
References:
https://www.lawsocietysa.asn.au/Public/Publications/Resources/CyberSecurity.aspx
https://www.cybersecurity-insiders.com/ransomware-attack-on-grubman-shire-meiselas-sacks-law-firm/
https://www.rollonfriday.com/news-content/exclusive-revil-hackers-hold-second-us-firm-ransom
Jack Drewe is the CISO and Risk Advisor for cyber risk advisors Securite, Inc. Securite provides independent cybersecurity advice, best in class solutions and managed services. Securite is located in North Sydney, the heart of Australia’s technology epicentre. You can contact Jack directly on LinkedIn or by email.
While every law firm has the professional and ethical responsibility to keep their clients’ data safe, some situations demand mandatory cybersecurity compliance. According to the ACSC, any law firm transacting business with federal, state or local government agencies is required to be compliant with the Australian Signals Directorate’s Essential Eight Strategies to Mitigate Against Cyber Risk.
The ASD Essential Eight is a set of baseline security measures that law firms of any size can implement to ensure they are meeting the minimum criteria to protect their data and intellectual assets.
The #1 mitigation strategy as directed by the ASD. Now that Application Whitelisting is available as a mature solution, it is reasonable to expect organisations to use it across their entire environment. Increased visibility of endpoint applications alone makes life easier for security, helpdesk and management alike, stopping more endpoint threats before they reach any part of the network. File-level whitelisting, built around a dynamic environment, is essential to stop targeted attacks as well as malware and ransomware.
The #2 & #3 mitigation strategies according to the Australian Signals Directorate. Patching is essential to remediate vulnerabilities in programs and operating systems, as they can be exploited to execute malicious code on systems. Zero-day attacks can have a catastrophic impact on businesses, so it pays to have a best practice patch management process in place to ensure proactive security posturing.
The #4 mitigation strategy according to the Australian Signals Directorate. Restricting privileges based on need and role is vitally important to reduce the risk of a malicious actor gaining access to systems via elevated privileges, as well as reducing the risk of insider threat. Users often need different levels of access depending on different systems and their role within the company. Privileged Account Management solutions help address this need and simplify the execution, while aiding in documenting policies and auditing access.