“It’s just a matter of time”: Navigant ex-FBI director warns UK law firms to act on cybercrime

In January, Navigant appointed FBI executive assistant director of the criminal, cyber, response and services branch, Bob Anderson, as managing director of its information security practice.
Anderson’s remit is to grow the practice, which falls within Navigant’s 200-strong global legal technology solution group. The aim is to hire in around 40 more people, who will be dedicated to information security and incident response, helping corporates that have been hacked or advising them on how to avoid cybercrime.
The hires will come from across a range of cyber capabilities and specialisms in both the U.S. and the UK, and Anderson, who before his departure from the FBI at the end of December 2015 led all criminal and cyber investigations worldwide, including the high profile Sony and JP Morgan cases, told Legal IT Insider: “Technology changes so quickly. The ‘old days’ is just two years in cyber, so you if you don’t have people who are constantly seeing what’s going on now you’re out of date.”
Navigant already had a small incident response team that has been going for over a decade but the focus is to build it to an enterprise size team.
Anderson says there has been a clear escalation in the size and scale of incidents lately; the most recent incident the U.S. team responded to involved 600 hard drives and two terabytes of stolen data, with ransomware installed on the company’s computers. It took the Navigant team nine days to remediate the breach, cleaning the system to make sure there were no bugs or malware.
“I’ve no doubt that some of the attacks in States will hit the UK soon,” Anderson warned.
“Law firms are already being hit in the US and they will be hit here, it’s just a matter of time. The bad guys go where the data is and law firms have an immense amount of data and traditionally have had no idea how to protect it. This is an issue people should be looking at, whether they use Navigant or somebody else.
“Law firms are used to advising victims of crime and not being victims of crime, but they must know how to handle their data.”