Tom Borman, LawFuel Tech Contributor
The recent global IT outage caused by a security update from CrowdStrike has once again indicated the importance of cybersecurity measures for law firms that appeared to have been largely unaffected by the major outage.
The outage, related to Microsoft software, disrupted operations at numerous law firms, affecting their ability to access internal documents and email systems and provides some indication of what an equally major cybersecurity attack would do, probably with even greater impact in terms of organizations’ technical infrastructure resilience.
Several law firms encountered issues with the CrowdStrike outage with Ashurst experiencing website inaccessibility while Kirkland & Ellis has problems with their internal email system and other firms experienced similar difficulties.
- Reed Smith responded swiftly, mobilizing its US operations to mitigate the impact, and managed to restore normal operations before the start of the East Coast business day
Despite these disruptions, many law firms emphasized the importance of preparedness and resilience. Reed Smith’s Chief Information Officer, Ryan McEnroe, highlighted their established protocols to handle such incidents, which facilitated a quicker recovery.
Claims and Insurance
The outage is expected to lead to numerous business interruption (BI) claims. Analysts believe that BI claims will drive the bulk of insurance industry losses from this event.
This incident is seen as a potential litmus test for cyber underwriters, particularly for companies like Beazley, a specialist insurer headquartered in the UK.
Law firms, like other businesses, have been advised to review their cyber insurance policies to determine if their losses qualify for coverage, which requires prompt notice to obtain coverage under the policies.
Security and Resilience Measures
The outage underscored the need for robust cybersecurity measures and operational resilience.
But what are the best steps that should be taken to enhance security and resilience? Among the steps recommended by experts:
- Breach-ready micro-segmentation: This involves dividing a network into smaller segments to limit the spread of potential breaches.
- Multi-layered defense strategies: Implementing a combination of software solutions, robust policies, regular training, and proactive threat hunting to create a comprehensive cybersecurity posture.
- Contingency planning: Developing and maintaining contingency plans to ensure business continuity during IT disruptions.
Overall, while the global IT outage caused significant disruptions, law firms have demonstrated resilience and a proactive approach to managing the crisis.
The focus on preparedness, insurance coverage, and enhanced cybersecurity measures will be crucial in mitigating the impact of such incidents in the future – a future that will only continue to impose even greater cybersecurity threats to businesses, government infrastructure and law firms.
