As 2024 unfolds, the legal industry faces unprecedented cybersecurity challenges. The previous year saw a surge in cyber attacks targeting law firms and legal tech companies, with ransomware groups like LockBit, CLOP, and BlackCat/ALPHV intensifying their strategies. Experts from the legal sector share their insights on what to expect in the cybersecurity landscape for 2024. This article compiles their forecasts in an attempt to provide clarity on the evolving cyber threats.
Expert Predictions on Cybersecurity Trends
Cyrus Vance, Baker McKenzie
Cyrus Vance predicts a cyber tipping point in 2024, with supply chains becoming a primary attack vector for global IT systems. He emphasizes the complexity of preparing for, preventing, and responding to cyber risks in a global context.
Erik Weinick, Otterbourg P.C.
Erik Weinick expects continued focus on AI, privacy, and cybersecurity in 2024, predicting governmental efforts aimed at addressing these concerns, especially in an election year.
David Wheeler, Neal Gerber Eisenberg
David Wheeler highlights the need for internal governance and compliance initiatives, especially at the intersection of AI and cybersecurity. He foresees AI tools discovering data flow anomalies and enhancing security incident detection and prevention.
Beau Wysong, Opus 2
Beau Wysong anticipates continued headlines about data breaches and the exacerbation of cybersecurity problems due to a growing skills shortage. He predicts an increase in security due diligence for technology vendors.
Shannon Yavorsky, Orrick Herrington & Sutcliffe
Shannon Yavorsky sees cybersecurity advisory work moving toward earlier stage and B2B companies, as corporations realize their supply chains can be entry points for cyberattacks. She stresses the need for greater cybersecurity diligence in vendor incorporation.
Shawn Belovich, Haystack ID
Shawn Belovich of Haystack ID forecasts a relentless evolution of ransomware, driven by threat actors’ exploitation of Generative AI (GenAI). He emphasizes the necessity of resilience-based cybersecurity approaches, viewing them not as cost centers but as critical investments for survival.
Cat Casey, Reveal
Cat Casey predicts an increase in high-profile breaches due to the legal sector’s vulnerability and the adoption of AI-powered technology. She advocates for the development of robust policies to counter these threats.
Kate Deniston, Bird & Bird (UK)
Kate Deniston warns of security risks associated with generative AI, including indirect prompt injection attacks and data poisoning. She foresees a focus on security protection mechanisms for AI tools in 2024.
Mike Fouts, ShareFile
Mike Fouts expects law firms to prioritize preventing data breaches, investing in secure solutions for data protection and streamlined workflows. He sees a future where automation technologies, including AI, play a significant role in information protection and workflow optimization.
Shaun Gaffney, Gimmal
Shaun Gaffney highlights the inevitability of data breaches and the growing importance of cybersecurity insurance. He stresses the need for evidence of data management and records retention to meet stringent insurance underwriter requirements.
Tim Gallagher, Nardello & Co.
Tim Gallagher predicts the ascendancy of passkeys, which rely on biometrics, as a preferred authentication method to counter password-related breaches.
Rocco Grillo, Alvarez & Marsal Disputes and Investigations
Rocco Grillo foresees the evolution of the Chief Information Security Officer (CISO) role, integrating risk management into overall cybersecurity strategies. He emphasizes the central roles of executive leadership in cyber resilience.
Tariq Hafeez, LegalEase Solutions
Tariq Hafeez anticipates the ongoing battle between cybersecurity advancements and cyber threats. He predicts enhanced threat detection and predictive analytics, but also warns of the rise in sophisticated cybercrime techniques.
Sundhar Rajan, Casepoint
Sundhar Rajan stresses the importance of protecting data transfers and implementing robust encryption protocols. He also suggests exploring faster, more efficient, and secure data transfer methods.
Marcin Święty, Relativity
Marcin Święty warns of the continued threat of ransomware in the data-heavy legal tech industry and advises preparation for inventive ransomware schemes.
Christopher Stangl & Thomas Brown, BRG
Christopher Stangl and Thomas Brown anticipate growth in vulnerability exploitation following the ‘Citrix Bleed’ incident. They advocate for active and committed patch management programs.
Martin Tully, Redgrave LLP
Martin Tully discusses the increasing accountability of senior management for data protection and cybersecurity measures. He predicts heightened scrutiny of C-suite roles in cybersecurity protections following breaches.
Conclusion: Preparing for a Cyber-Resilient 2024
These expert predictions highlight the legal industry’s urgent need to adapt and strengthen its cybersecurity posture in the face of evolving threats. As we progress through 2024, it is evident that cybersecurity will remain a top priority, requiring continuous vigilance and proactive measures