It was a dull periodic reminder in the past, but cybersecurity seems to be a daily thing recently. I am not a news junkie, but do have a process for headline scanning. In large part, I am ensconced in the workers' compensation community and somewhat measure the relevance of news based upon whether it impacts me or that community. Perhaps we are all that way to some degree, focused individually on things that interest or impact us? Increasingly, I return to cyber threats and the miscreants that inhabit our world.
About two years ago, I became focused on the threats to our cyber well-being. We are bombarded with news about identity theft, spam, and worse. The import of cybersecurity came home to me at a SAWCA program that was an eye-opener. I documented it in The Future of Workers' Compensation (July 2015). Since then, I have written repeatedly on the subject: See Cybersecurity - 2020's Hot Topic (January 2020), Cybersecurity 2020 Again (April 2020), Cyber Threats 2020 (July 2020), The Physical Premises of Cyber-security (August 2020), Cybersecurity Forum 2020 (August 2020),
Cybersecurity Hits Home (May 2021); Cybersecurity, the Pillory, and More (May 2021), Your Cyber-health is Your Job (June 2021), and Your Light Switch Could Be Spying (June 2021).
As an aside, that January 2020 headline is a Dewey Beats Truman, huh? 2020's Hot Topic indeed. Thanks COVID.
I am not certain whether cyber risk is on the rise, is getting more press, or is simply attracting my attention more readily. However, it seems to be on my mind more, and noticed in the news more in any event. As a member of The Florida Bar, I receive a newspaper periodically. For the unfamiliar, this is similar to a website, but the stories are actually printed on processed wood pulp that is then actually brought to me by a uniformed representative of the federal government, called a "letter carrier," for my reading pleasure. In olden times, there were many such "papers" and some people read them daily. Back in the dark ages, I actually delivered them as a job (though without the letter carrier's fine uniform and imprimatur of authority).
Thus, periodically, I pause for a moment and hold the news in my hand. It is a somewhat comforting throwback to yesteryear. There is something about the texture, the smell, and even the occasional stained fingers that bring back memories of the Dark Ages and the Renaissance some of us have lived through. But, I digress. The most recent Florida Bar News reminded me, oddly enough, of cyber-security, repeatedly.
The first story urged us to Prepare Now to Thwart Ransomware Attacks. Ransomware was recently a national story as we all struggled to purchase gasoline after some bad actors shut down a pipeline for giggles and profit, see Cybersecurity Hits Home (May 2021).
This features a law firm promoting itself on social media, specifically about a party it planned. That led to an email instructing the accountant to wire $150,000 for the party (that was "some party" it seems, most people spend that kind of cash on a house, huh?) The email was a scam and the money is gone. I suspect the accountant may be gone also, but that is conjecture.
The instance leads the Bar News to remind us that “law firms are actually stalked online.” Yes, there are folks cyberstalking people, people like you and me. That is, following them somewhat compulsively, which is perhaps harmless if we are simply curious about what Beyonce had for breakfast or which of the Kardashians we should have in our thoughts (bless their hearts). But, the experts warn that some stalkers are more dangerous and threatening.
Experts at a recent program warned that law firms "have so much protected information," and that it is "worth so much money on the dark web." You have assets that people have entrusted to you, and those assets can be bought and sold in the underworld. If a client came to you with their bearer bonds to hold, you would lock them in a safe or a bank's vault. But, they come to you with their identities and perhaps you are less assiduous with "locking" that away?
Oh, there is good news. The recent program highlighted that the worst of the worst (like Russia or North Korea, yes nations are engaged in miscreant behavior) are not the ones coming after us little folks. That we need not fear the biggest bullies on the playground does not mean we will not be bullied. But the bad news is that us little folks are the "low hanging fruit" of the cyber world. The discussion reminded me of the age-old bear joke. Two hikers find themselves facing a bear. One begins changing from boots to running shoes and the other says "you idiot, you cannot outrun that bear." The shoe-changer says "I don't have to, I just have to outrun you." Too funny. Chilling perhaps, but too funny. I don't have to make my house burglar proof, just more secure than my neighbor's?
Ransomware is the focus, however, and there are instances of it daily. The experts discuss the ones that make the news (see Hits Home, supra), but they think many others are never reported. They conjecture that there is embarrassment and potential reputation damage from having been suckered. Thus, there is a belief that many such events are quietly paid for and perhaps too soon forgotten. As a result, the experts think the price of our complacency is rising, as is the frequency of the attacks. Why do they keep attacking? Because it works, you work, and these miscreants want the fruit of you work (cash).
The sad news is that these people are not that imaginative or enterprising. In the end, we seem to be just that gullible, and we keep falling for the same scams. The miscreants redecorate them, reuse them, and we fall for them yet again. Remember the old saw "fool me once, shame on you, fool me twice . . . " You get the point. It is tragic that people continue to be fooled, but it is also up to each of us to become better at protecting ourselves. Fortunately, we can learn from the mistakes of others.
If you would like to get some free advice on this, there is a free video of a recent presentation at abotaftl.org (“Dealing with Emerging Threats to Clients, Lawyers and Firms,”). Anyone too smart to get better educated? Oh, and it satisfies the technology requirement for CLE purposes.
You may also want to peruse Attorney Emails Used in Phishing Attempts, or Hackers have a Devastating New Target. You don't really have to look for this news, it is daily and scary. Perhaps so persistent that we start to become numb to it, too eager to disregard it? The lyrics from Yes reminded us "It can happen to you, It can happen to me, It can happen to everyone eventually" (2002). This is too true, too real, and too scary.
If nothing else, join me for a day-long foray into cybersecurity at the 2021 Workers' Compensation Institute. I am hosting a day with experts that will illuminate your risk, suggest valid precautions, and prepare you for the future. We have recruited an incredible array of outstanding speakers with expertise, experience, and patience. I will strive to keep us focused on the impact of these threats to normal folks like you and me. And, you will be able to ask questions and interact. The time for your focus on digital safety is well nigh. You need to plan to join us on December 15, 2021, at the WCI (this breakout is included in your registration, critical to your future, and will be engaging).
Cannot get the song out of my head now, "It can happen to you, It can happen to me, It can happen to everyone eventually." Catchy tune, a scary theme.
