Does Your Firm Have a Cyber-Security Officer?

I spent a couple days this week at Vantage 2013, the conference for users of Thomson Reuters Elite. The most fascinating presentation I attended there was by Richard Bejtlich, chief security officer at the cyber-security consulting company Mandiant.

Bejtlich painted a terrifying view of cyber-security at law firms — or, more precisely, the lack of cyber security at law firms. If yours is a law firm of any size, there is a good chance someone out there is trying to hack into you, or already has. These aren’t Mountain Dew-fueled college kids doing the hacking, but sophisticated governments and organizations. (Mandiant recently published a report detailing the work of the most prolific cyber espionage group.)

For that reason, Bejtlich recommends that every law firm larger than 100 lawyers should have a full-time cyber security officer on staff. Large law firms of 1,000 lawyers should have six or more security officers.

Sitting at lunch afterwards with several law firm administrators, not one had a security officer at his or her firm. It made me wonder whether any firms have taken this step. If your firm has a security officer, I’d love to hear about it.

I can’t replay Bejtlich’s speech for you. However, Gretchen DeSutter at the Thomson Reuters Legal Current blog has a recap of his talk along with a brief video interview with him: Cyber Theft: You can’t stop it, so how fast can you respond?