US law firm Bregman Berbert Schwartz Gilday, one of the oldest and most reputed in the country, became the latest in the sector to face a cyber-attack. The notorious BlackCat/ALPHV ransomware gang listed the firm as its new victim.
Dark web researchers have confirmed to The Cyber Express that the ransomware gang has stolen data from the company and has listed it on nefarious data trading forums.
At the time of writing, the company has not shared any reports about the attack, nor has it conceded that the threat actor has compromised any data.
Bregman Berbert Schwartz Gilday is a reputed name in US legal services, dealing with litigation, landlord and tenant matters, condominium and homeowners associations, and business transactions. The company has a long history of serving clients in the United States.
Bregman Berbert, latest in the line
In Q3, the rise in cyberattacks has taken a toll on different industries, and the focus on law firms has recently risen severalfold. In April 2022, the data breach of law firms McCarter & English and Stevens & Lee indicated that threat actors target companies in all the major sectors, regardless of size and revenue.
According to the American Bar Association’s 2021 Legal Technology Survey Report, about 25% of the law firms surveyed in the US conceded that they faced a cyber incident in that year. The number of cases reported in these regions in 2022 has already surpassed that of 2021.
The insights from the ABA report were alarming. The current data indicates that the issues listed have worsened.
Law firms: low-hanging fruit
Nearly four out of five solo practitioners surveyed said they were responsible for the security of their law firms, while larger firms often have expert consultants, IT staff, or a chief information officer in charge.
In some larger firms, a chief security officer was responsible for security. Interestingly, the percentage of firms with 100-499 attorneys and 500 or more attorneys that have a chief security officer is 13% and 16%, respectively. This percentage may seem low given the importance of security in these types of firms.
About half of survey respondents reported that their firms have a policy for managing the retention of data, while 60% have a policy for email use, 56% for internet use, 57% for acceptable computer use, 56% for remote access, 48% for social media, 32% for personal technology/BYOD, and 44% for employee privacy.
These numbers are generally higher in larger firms and have increased over time, while smaller firms tend to have lower numbers in these areas.
Alarmingly, 17% of respondents stated that their firms have no security policies in place, and 8% were unaware of any security policies. This indicates that many law firms need to prioritize security.
Incident response plans, which are critical for handling security breaches, are lacking in many law firms. Only 36% of respondents reported that their firm has an incident response plan, with the percentage increasing with firm size: 12% for solo firms, 21% for firms with two to nine attorneys, and 80% for firms with 100 or more attorneys.