Seyfarth Cyberattack Spotlights Gaps In Law Firm Security

By Xiumei Dong
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Legal Ethics newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!

Law360 (October 15, 2020, 8:21 PM EDT) -- The recent ransomware attack against Seyfarth Shaw LLP should be a wake-up call for law firms to rethink their cybersecurity strategies and policies, as the shift to remote work caused by the coronavirus pandemic is making firms more vulnerable than ever, cybersecurity experts say.

In an update Thursday, Seyfarth said it still found "no evidence that any client or firm data was either accessed or removed" in the Oct. 10 ransomware incident. The firm added that it is now in the restoration phase and has been able to bring its email system fully back online.

"We will continue to work through the weekend, and, based on the progress we have made so far, we expect to have full restoration of all of our critical systems by early next week," the firm's statement said.

In Seyfarth's case, the firm was able to stop the attack soon after detection, but not until after many of its systems, including email, were encrypted by malware, according to the firm. Such encryption means Seyfarth cannot access its files without the decryption keys, and the firm either has to pay the attacker to regain access or restore its data from a backup.

"I think you have to applaud Seyfarth for owning it and for being upfront, right?" said Frank Gillman, a former BigLaw chief information officer who now works at consulting firm Vertex Advisors. "It's a daunting task for any business to protect itself from cyberthreats, and partially that's because the ... biggest cyberthreat[s] are people."

Especially during the coronavirus pandemic, when most of the workforce is working from home, law firms' "attack surface," or ways hackers can access and steal data, is extended far beyond the traditional office-based infrastructure, Gillman added.

"The possibilities for attacks are multiplied ad infinitum by having everyone use all these different devices," he said.

Moreover, ransomware attacks are also getting more sophisticated in 2020, according to Bill Nelson, CEO of Global Resilience Federation, a nonprofit association that acts as a sharing hub and intelligence provider for cyber and physical security information.

"In 2020, we started to see ransomware attacks add a new feature," Nelson said, explaining that bad actors now are able to gain unauthorized access to data from a system before launching a ransomware attack to encrypt the files. This has resulted in a significant increase in ransom payments, which often exceeds a million dollars.

A September report by Coalition, one of the largest providers of cyber insurance services in North America, showed that the first half of 2020 has been particularly hard for many organizations, with 41% of all claims paid out related to ransomware attacks, noted Anne Hasenstab, an Oregon-based executive risk practice leader for Ward Insurance.

Coalition's report also showed that the frequency of ransomware attacks against its policyholders rose 260% in the first six months of 2020, while the average ransom demand increased 47% from previously recorded numbers.

"With cybercriminals, they kind of launch a piece of malicious code out into the universe, and whichever doors and windows are flopping open, they're going to go in and exploit," Hasenstab said, adding that she has also seen an increase in insurance claims filed by law firms since they started operating remotely.

The shift to remote work — and the increased dependence on online technology — means that when systems are held hostage, "it does put companies at a significant level of misery," Hasenstab said. She and other experts encourage law firms to incorporate infrastructure changes into their cybersecurity policies, considering the technical differences when conducting assessments or testing.

"I would urge every firm out there to double or triple their previous efforts towards cyber risk mitigation," Vertex Advisors' Gillman said, adding that firms should operate on "the principle of least privilege," meaning that only the minimum necessary access should be granted to perform routine, authorized activities.

While most of the headline-grabbing cyberattacks have so far been against BigLaw, Hasenstab noted that smaller and midsize firms have also reported being targeted by cybercriminals.

"The shift is, it's less about the quantity and more about the quality of the data, so it's more about what's important to you that they can then exploit and then get money from you," Hasenstab said.

As for how to prevent cyberattacks, Hasenstab recommends that law firms of all sizes implement multifactor authentication for important information and create "a culture of inclusion" that puts cybersecurity in the firm's risk management portfolio, including cyber insurance.

"Everyone is anticipating a return to the traditional work environment in 2021, but what's happened is the technical infrastructure of law firms has changed, and it's expanded, and it's shifted," Gillman said. "So, what worked for you in 2019 isn't necessarily the same in 2020."

--Editing by Alanna Weissman and Kelly Duncan.

For a reprint of this article, please contact

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!