Paul Martin from Ricoh shares some key takeaways from a meeting of legal industry IT leaders, discussing the latest security threats they are facing.
Ricoh UK recently held the second in their “Industry Voices” (IV) series of events, this time hosted in London by Stuart Whittle, business services and innovation director at Weightmans, bringing together senior IT leaders from across the legal industry to explore the evolving security threats that firms are having to defend against.
Ricoh’s Jess White posed the following question as an opener to what went on to be an incredibly interesting and insightful discussion: “Given the headlines in the news recently of organisations with unparalleled brand awareness, and with what seemed to be a range of good security solutions in place, being breached and severely impacted, will you be looking to re-evaluate your approach to cyber security, especially in a world where threat actors increasingly log in instead of hacking in?”
The initial response was “yes, of course!” But what followed were a number of key concerns and comments about the threat landscape, the attack surface, breaches and near misses.
The first concern raised was around the continuous adding of security layers, understanding which layers were truly needed, and reducing supplier bloat. Were there instances where firms could be just as effective in mitigating the risk with fewer vendors, and was there potential for consolidation around fewer, platform-led vendors? The noise that comes from running multiple technologies and dealing with all the alerts they create drove the discussion towards being able to identify which alerts represent a real risk that needs to be addressed immediately and which are lower priority. Staying on top of these alerts 24/7/365 creates alert fatigue and leaves the unknown unknowns unaddressed.
Another challenge was meeting the demands of clients and suppliers in terms of their supplier questionnaires and the increased levels of due diligence clients are undertaking in order to ensure they are protected. Again, this is influencing technology selection and policy implementation.
Lack of control over users, or human risk, was a recurring theme of the session, with concerns around whether security awareness training is effective enough. Phishing was discussed, along with the increased sophistication of phishing attacks and how hard it has become to distinguish legitimate emails from malicious ones. Points were also made about seeing campaigns aimed specifically at certain key stakeholders in their firms, and how heavily these people were targeted, not only with phishing attempts but with MFA bombing (MFA fatigue) attacks.
Identity was also discussed. Entra compromise was a particular fear, together with having visibility of who is really logging onto your network and whether or not they are accessing only what they are supposed to. This led naturally on to concerns around data protection and DLP (data loss prevention), with both external threat actors and insider threats being talked through.
Specifically with insider threats, the concern was spotting behaviour such as users who may be leaving emailing sensitive information to personal email accounts, or moving data in small amounts to personal, non-corporate drives. The difficulty of document classification compounds this concern.
Whilst areas such as shadow IT are reducing and becoming less of a concern, challenges were raised around departments going ahead and signing up to new applications and SaaS services (such as CRMs in marketing) without consulting IT. This is then followed by a requirement to allow third-party companies access to these systems, with no process in place to vet user identity or secure the access of these external users, creating further headaches.
Looking ahead, the next session in this exciting series will be hosted by Mills & Reeve’s head of strategy & architecture, Dave Bradshaw, at their London office. The date (TBC) will be in January, so please look out for future comms.
The agenda will revisit the cyber threat challenges discussed, with a focus on practical solutions and an exciting demo that will clearly show how to mitigate some of the concerns raised – not to be missed if client data security is on your agenda, and let’s face it, when is it not? The second half of the session will shift to outsourcing, and will pose the question: given the cost of very expensive office space and people, which non-core activities are best served by outsourcing to a third party? This will be a lively one! If you want to come, please message me: paul.martin@ricoh.co.uk