I spent a couple days this week at Vantage 2013, the conference for users of Thomson Reuters Elite. The most fascinating presentation I attended there was by Richard Bejtlich, chief security officer at the cyber-security consulting company Mandiant.

Bejtlich painted a terrifying view of cyber-security at law firms — or, more precisely, the lack of cyber security at law firms. If yours is a law firm of any size, there is a good chance someone out there is trying to hack into you, or already has. These aren’t Mountain Dew-fueled college kids doing the hacking, but sophisticated governments and organizations. (Mandiant recently published a report detailing the work of the most prolific cyber espionage group.)

For that reason, Bejtlich recommends that every law firm larger than 100 lawyers should have a full-time cyber security officer on staff. Large law firms of 1,000 lawyers should have six or more security officers.

Sitting at lunch afterwards with several law firm administrators, not one had a security officer at his or her firm. It made me wonder whether any firms have taken this step. If your firm has a security officer, I’d love to hear about it.

I can’t replay Bejtlich’s speech for you. However, Gretchen DeSutter at the Thomson Reuters Legal Current blog has a recap of his talk along with a brief video interview with him: Cyber Theft: You can’t stop it, so how fast can you respond?

  • I fully agree Bob, intriguing and frightening view on what is actually happening. Hope law firm leaders will pick this up soon and ACT!

    Good to see you again by the way 🙂



  • Good work putting up the link to the report Bob, and indeed it was terrifying especially the point he made in the talk that it’s far more cost efficient for hackers and spies to break into a law firm to get to their clients than to hack the clients, as they will nearly always have far better security. So law firms are hot targets.

    I did an audio interview with Bejtlich that day on this very subject – you can hear it here:


  • It is no surprise why hackers would want to target law firms. The information attorneys receive from their clients, including patented inventions, financial data, and marketing strategies, can all be extremely valuable in the hands of a third-party.

  • Be aware of digital threats is extremely important – the main problem being the threat is continuously changing meaning that a dedicated resource such as a security officer is a great idea.

    On a separate note it is not always the criminally minded you needed to worry about hacking your clients data – a scandal that has just broken over here in Ireland is the phone tapping of local Gardai stations phone calls between clients and solicitors!