SIEM is a useful early warning tool for cyber-secure law firms


By Carl Mazzanti

Law firms are increasingly adopting digital work tools – and cybersecurity is becoming an increasingly significant concern as nation-state and other bad actors try to gain access to sensitive data. In response, experienced managed services providers are using a layered defense approach – including the deployment of sophisticated tools that blend artificial intelligence with human insight – to help repel intruders. This strategy ensures that even if a bad actor manages to get past one layer of IT defense, they will be blocked by others.

One ply of defense involves an SIEM (security information and event management) system and an SOC (security operations center). 

Constant data monitoring

An SIEM is a kind of distant early warning system. It is automated – with the managed services provider supplying the human oversight – and continuously reviews device and application logs in real time, flagging suspicious activity. If enabled, the SIEM can also launch immediate responses designed to shield the system.

System logging initially developed in the late 1970s as a way to debug and troubleshoot computer systems. Over time, SIEM tools emerged that analyze application log activity, such as system sign-ons and data transfers, with an eye toward detecting potential breaches in which attackers have sought to access protected data.

Today, an integrated SIEM/SOC collects logs and analyzes security events, along with other data, to support threat detection and enable rapid incident response. The latest generation of SIEM/SOCs is equipped with advanced tools and technologies that generate alerts based on predefined criteria, and with advanced threat detection systems that use machine learning and artificial intelligence to filter out false positives while prioritizing genuine threats.

The staff of a security operations center (SOC) determine the veracity and severity of the security threats detected by the SIEM and implement the appropriate responses.
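The sketch below shows what alerting on predefined criteria over sign-on and data-transfer logs can look like; it is an added illustration, not code from the article or from any SIEM product. The log format, field names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs); the field names are assumptions.
SAMPLE_LOG = """\
2024-05-06T02:11:03 event=signon user=jdoe src=203.0.113.7 result=fail
2024-05-06T02:11:09 event=signon user=jdoe src=203.0.113.7 result=fail
2024-05-06T02:11:15 event=signon user=jdoe src=203.0.113.7 result=fail
2024-05-06T02:11:40 event=signon user=jdoe src=203.0.113.7 result=ok
2024-05-06T02:14:02 event=transfer user=jdoe bytes=734003200 dest=198.51.100.20
2024-05-06T09:02:10 event=signon user=asmith src=10.0.4.15 result=fail
2024-05-06T09:02:31 event=signon user=asmith src=10.0.4.15 result=ok
2024-05-06T09:30:00 event=transfer user=asmith bytes=1048576 dest=10.0.9.2
"""

FAIL_THRESHOLD = 3                      # failed sign-ons before a success
FAIL_WINDOW = timedelta(minutes=5)      # how long a failure stays relevant
TRANSFER_BYTES = 500 * 1024 * 1024      # "large" transfer, hypothetical cutoff
FOLLOW_WINDOW = timedelta(minutes=30)   # transfer soon after a suspicious sign-on

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect(log_text):
    """Return (severity, user, reason) alerts for the two predefined criteria."""
    fails = defaultdict(deque)   # user -> timestamps of recent failed sign-ons
    suspect = {}                 # user -> time of a suspicious successful sign-on
    alerts = []
    for event in map(parse, filter(None, log_text.splitlines())):
        user, ts = event["user"], event["ts"]
        if event["event"] == "signon":
            recent = fails[user]
            while recent and ts - recent[0] > FAIL_WINDOW:
                recent.popleft()  # drop failures that fell out of the window
            if event["result"] == "fail":
                recent.append(ts)
            else:
                if len(recent) >= FAIL_THRESHOLD:
                    suspect[user] = ts
                    alerts.append(("medium", user, "sign-on after repeated failures"))
                recent.clear()
        elif event["event"] == "transfer" and int(event["bytes"]) >= TRANSFER_BYTES:
            # A large transfer right after a suspicious sign-on is prioritized.
            chained = user in suspect and ts - suspect[user] <= FOLLOW_WINDOW
            alerts.append(("high" if chained else "low", user, "large data transfer"))
    return alerts
```

Calling `detect(SAMPLE_LOG)` yields two alerts for `jdoe` and none for `asmith`, whose single mistyped password and small transfer stay below both thresholds.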

The human factor

Other cybersecurity attacks seek out individuals at a firm when probing for weak spots.

One popular attack vector is phishing, in which hackers dupe an employee into revealing sensitive information or access credentials. Phishing was once limited to crude, fake emails, but AI has enabled bad actors to scrape the internet for up-to-date details about law firms and their activities. That has enabled cyber criminals to create emails, phone calls and video calls – often requesting confidential information, or transfers of funds – that appear to come from an authorized individual, but are actually from a hacker. A cybersecurity managed service provider can work with firms to train employees to recognize and resist these phishing email, video, and other schemes. Ongoing training also ensures that employees are familiar with the latest twists in cyber threats and how to safeguard sensitive data.

Encryption – which secures information by transforming it into an unreadable format that can only be deciphered by an authorized party – is another layer of defense. From client communication to court results, encryption can make sure that anything confidential stays safe. A security provider can also help to secure email systems so that bulk exchanges are protected from interception.

Firms also need to be vigilant about restricting who can see data, so authorized personnel are the only ones able to access sensitive client information. Role-based access control allows firms to restrict information access depending on an individual’s role. For instance, a paralegal might be granted access to files that are case-specific to certain clients, while an attorney is allowed broader access across a set of cases.

A secure future

Cybercriminals will continue to utilize advanced tech tools to attack law firms, but a managed service provider will employ leading-edge cybersecurity tools, services, and training to protect law firms’ case data and also ensure that firms remain compliant with privacy and other regulations. In today’s high-risk environment, cybersecurity is not just an option, it’s a requirement.

 

Carl Mazzanti is president of eMazzanti Technologies in Hoboken, N.J., providing IT consulting services for businesses ranging from home offices to multinational corporations. The company can be contacted at: 866-362-9926.
