November 30, 2017 By Douglas Bonderud

When Bloomberg’s Big Law Business Summit — West began in San Francisco two weeks ago, lawyers were ready to dive into sessions on patent litigation and IP management. Thanks to Dr. Phyllis A. Schneck of Promontory Financial Group, attendees also gained critical insight into emerging cyberlaw security risks.

Specifically, Dr. Schneck took on the myth that simply meeting security requirements keeps companies safe. Here’s a look at the case for critical overcompliance.

Sidestepping Security

Ensuring regulatory compliance is a must for any law firm to protect client information, intellectual property and personal data. But as noted by Dr. Schneck, this isn’t enough to deter cybercriminals, “because the bad guy knows how we’re compliant.” This allows them to circumvent basic compliance measures and insert new code in memory to change the way specific apps or systems operate.

Dr. Schneck pointed to three more worrisome, critical concerns in the evolving digital world:

  • “Wicked Fast Computing”: Attackers can use artificial intelligence (AI) and bring disparate data sets together to compromise corporate networks.
  • Everything Handles Data: New technologies are natively designed to collect, process, store and share data, making it easier than ever for actors to infiltrate systems and exfiltrate information.
  • Storage for Efficiency and Enjoyment: The Internet of Things (IoT) has created a network of connected physical devices that collect massive amounts of data, potentially exposing intellectual property.

Add in the fact that malware is now readily available on public and Dark Web sites, and it’s easy for would-be bad guys to add their own code to existing tools and create new attack variants that companies simply aren’t prepared to handle.

The result? Compliance measures designed to mitigate existing threats are already one step behind cybercriminals.

Going Beyond Basics at the Big Law Business Summit

Ultimately, Dr. Schneck makes a case for using the “necessary and good exercise” of checking compliance boxes to become “more than compliant.” But it’s one thing to recognize the need for overcompliance and another to implement effective changes. How do law firms — and other industries — achieve this goal?

As noted by IDG Connect, automation can improve companies’ ability to meet basic compliance goals. By adding automation to key network security policies and procedures, it’s possible to reduce the time between threat activity and threat detection, in turn reducing the impact of malware attacks. Cloud-based defenses are also critical for overcompliance because they can act in real time to obtain new threat data, download security patches and quarantine potential threats.

Last but not least? According to Dr. Schneck, companies need to recognize that achieving better compliance is “not a technology problem.” User behaviors and expectations are now driving the edge of technology innovation, but this innovation is outpacing security policies and procedures. Attackers are able to slip into the gaps left between current security methods and the level of service and access demanded by staff and consumers.

While spending on compliance tools and technologies can help mitigate the impact of existing threats, dealing with new attack vectors demands human-centric policies that recognize the inextricable link between user and device.

Dr. Schneck’s presentation at the Bloomberg Big Law Business Summit makes it clear: Cybercriminals are in a better position than ever to compromise corporate networks and steal critical data. Compliance is a great starting point, but isn’t enough to defend against emerging digital threats.
