When Bloomberg’s Big Law Business Summit — West began in San Francisco two weeks ago, lawyers were ready to dive into sessions on patent litigation and IP management. Thanks to Dr. Phyllis A. Schneck of Promontory Financial Group, attendees also gained critical insight into emerging cyberlaw security risks.
Specifically, Dr. Schneck took on the myth that simply meeting security requirements keeps companies safe. Here’s a look at the case for critical overcompliance.
Sidestepping Security
Ensuring regulatory compliance is a must for any law firm to protect client information, intellectual property and personal data. But as noted by Dr. Schneck, this isn’t enough to deter cybercriminals, “because the bad guy knows how we’re compliant.” That knowledge allows attackers to circumvent basic compliance measures and insert new code in memory to change the way specific apps or systems operate.
Dr. Schneck pointed to three more worrisome, critical concerns in the evolving digital world:
- “Wicked Fast Computing” — Attackers can use artificial intelligence (AI) and bring disparate data sets together to compromise corporate networks.
- Everything Handles Data — New technologies are natively designed to collect, process, store and share data, making it easier than ever for actors to infiltrate systems and exfiltrate information.
- Storage for Efficiency and Enjoyment — The Internet of Things (IoT) has created a network of connected physical devices that collect massive amounts of data, potentially exposing intellectual property.
Add in the fact that malware is now readily available on public and Dark Web sites, and it’s easy for would-be bad guys to add their own code to existing tools and create new attack variants that companies simply aren’t prepared to handle.
The result? Compliance measures designed to mitigate existing threats are already one step behind cybercriminals.
Going Beyond Basics at the Big Law Business Summit
Ultimately, Dr. Schneck makes a case for using the “necessary and good exercise” of checking compliance boxes to become “more than compliant.” But it’s one thing to recognize the need for overcompliance and another to implement effective changes. How do law firms — and other industries — achieve this goal?
As noted by IDG Connect, automation can improve companies’ ability to meet basic compliance goals. By adding automation to key network security policies and procedures, it’s possible to reduce the time between threat activity and threat detection, in turn reducing the impact of malware attacks. Cloud-based defenses are also critical for overcompliance because they can act in real time to obtain new threat data, download security patches and quarantine potential threats.
Last but not least? According to Dr. Schneck, companies need to recognize that achieving better compliance is “not a technology problem.” User behaviors and expectations are now driving the edge of technology innovation, but this innovation is outpacing security policies and procedures. Attackers are able to slip into the gaps left between current security methods and the level of service and access demanded by staff and consumers.
While spending on compliance tools and technologies can help mitigate the impact of existing threats, dealing with new attack vectors demands human-centric policies that recognize the inextricable link between user and device.
Dr. Schneck’s presentation at the Bloomberg Big Law Business Summit makes it clear: Cybercriminals are in a better position than ever to compromise corporate networks and steal critical data. Compliance is a great starting point, but isn’t enough to defend against emerging digital threats.