In light of the December 2020 reporting that SolarWinds’s Orion platform was hacked, Jim Turner was quoted in the January 21, 2021 LegalTech News discussing third-party data vulnerabilities on law firms that are cyber-attacked and have no protection. While the platform isn’t commonly used among law firms, firms’ data could be at risk due to the other companies and government agencies that were hacked.
“The firms we work with don’t use it,” Turner said. “The risk is coming in from their vendors and supply chain.”
To mitigate this risk in light of the Orion hack and similar future attacks, firms should have a plan for third-party vulnerabilities. “It’s always a good practice for firms to have a process whenever there’s a hack,” Turner told LegalTech News. “Firms should have an incident response plan. Many firms don’t, but they should.”
These response plans should be designed to assess and triage potential vulnerabilities. “We may not know the true severity for years to come, that’s how big it is,” he said of the Orion hack. “That’s why IT needs to scan the networks, audit and follow security best practices.”
From a preventative standpoint, Turner suggests firms are too often lulled into a false sense of protection when their IT departments or vendors provide services. “In some firms, they become complacent that their internal IT department or vendors are on top of things, and what we’ve seen in high-profile hack so flaw firms’ internal IT or outsource IT providers is that they weren’t up-to-date.”
For the full article, LegalTech News subscribers may access the article here.
Locations