Cybersecurity Law: A Growing Specialization for Lawyers
Over the last few years dating back to the events of 9/11, cybersecurity law has grown in demand due to an increased number of threats. It’s no surprise that the pandemic has heightened security attacks with business being conducted almost completely online. Compared to Q1 of 2020, cyberattacks increased by 17% in Q2 of 2021 with the majority of them being targeted attacks.
The increase in cyber-attacks has opened a unique opportunity for law students and legal professionals to enter the cybersecurity space. To best combat cybercriminals, it’s important to keep a pulse on current threats and tactics impacting the world today.
Top cybersecurity threats
The tactics in which cybercriminals steal information have become more sophisticated over the years making it more difficult to identify and avoid an attack. However, there are a few common threats that companies and especially legal professionals should be on high alert for.
Ransomware and malware
As of 2019, ransomware remains the biggest cybersecurity threat to law firms and companies that harbor large amounts of personal data. Ransomware is a type of malware software that is designed to encrypt files on any device. Traditionally, once these files are unusable by the owner, cybercriminals demand ransom in exchange for releasing the data and it would stop there. As cybercriminals have evolved their tactics, they will now aggressively threaten companies with releasing or selling sensitive data. The average cost of these attacks can be anywhere from hundreds of thousands to millions of dollars.
Phishing means exactly what you think. Cybercriminals “fish” for information by tricking individuals via emails that hold malicious links or attachments. Once you take the bait by clicking or opening information within the email, malware will be installed. Some phishing emails are easily identifiable by grammatical errors, use of font, or an unknown email address. However, not all phishing emails are easily noticeable. It’s important to remember that anyone can fall victim to these attacks and you should take measures to educate yourself and your team on the warning signs.
Man in the middle attack
Short for MitM, the man in the middle attack involves a cybercriminal disrupting communication between their victim and a reputable source or company. The cybercriminal typically gains access to you via a WiFi router or public hotspot. The scariest aspect of this attack is that neither party is aware of the cybercriminal or “middle man” who is intercepting their communications.
A common example of this attack would be the hacker emailing the victim from an email that appears to be from work or a bank requesting personal information. The victim is taken to a screen they’re familiar with logging into and their information is captured by the hacker.
Denial of service attack
This attack is carried out by flooding a network host or server with so much traffic that it’s no longer accessible by legitimate users. Cybercriminals will send mass amounts of requests that appear to be legitimate with false return addresses. The server is then overwhelmed with the requests and will be stuck trying to filter the junk requests.
DoS attacks come in different forms such as a smurf attack, where spoofed IP packets are sent to victims. Once the recipient responds, the server is flooded. Another tactic is called an SYN flood which involves a cybercriminal making a disconnected “handshake.” The cybercriminal sends a connection to the victim’s server but doesn’t complete the necessary connection needed for a Transmission Control Protocol, leaving the victim’s server inactive to new requests.
Outlook on cybersecurity law and the workforce
While the increase of cybersecurity attacks continues to raise eyebrows across the nation, it’s shining a light on the need for skilled professionals and specifically women to break into the world of cybersecurity to close impending staffing gaps. Cybercrime is expected to cost the economy upwards of $6 trillion this year alone and must be supplemented by a strong, diverse workforce.
With an anticipated 3.5 million unfilled cybersecurity positions in 2021, the opportunity for lawyers to dive into the profession has never been easier. More universities are even adding cybersecurity law tracks to their curriculum and offering programs that can be completed 100% online to help grow the in-demand profession. A cybersecurity degree opens opportunities for lawyers to work in roles beyond the legal industry holding titles such as cybersecurity compliance investigators or cyber security analysts with starting salaries ranging from $90,000 to $120,000 depending on experience and location.
The time for lawyers interested in cybersecurity or looking to add a competitive edge to their practice is now. Not only for their professional development but to help support anti-cyber attack initiatives and to educate the public.