CYBERSECURITY LAW: A GROWING SPECIALIZATION FOR LAWYERS

Over the last few years dating back to the events of 9/11, cyber security law has grown in demand due to an
increased number of threats. It’s no surprise that the pandemic has heightened security attacks with business being
conducted almost completely online. Compared to Q1 of 2020, cyber attacks increased by 17% in Q2 of 2021 with
the majority of them being targeted attacks.

The increase in cyber-attacks has opened a unique opportunity for law students and legal professionals to enter the
cyber security space. To best combat cybercriminals, it’s important to keep a pulse on current threats and tactics
impacting the world today.

Top Cyber Security Threats

The tactics in which cybercriminals steal information have become more sophisticated over the years making it more
difficult to identify and avoid an attack. However, there are a few common threats that companies and especially legal
professionals should be on high alert for.

Ransomware And Malware

As of 2019, ransomware remains the biggest cyber security threat to law firms and companies that harbor large
amounts of personal data. Ransomware is a type of malware software that is designed to encrypt files on any device.
Traditionally, once these files are unusable by the owner, cybercriminals demand ransom in exchange for releasing
the data and it would stop there. As cybercriminals have evolved their tactics, they will now aggressively threaten
companies with releasing or selling sensitive data. The average cost of these attacks can be anywhere from
hundreds of thousands to millions of dollars.

Phishing

Phishing means exactly what you think. Cybercriminals “fish” for information by tricking individuals via emails that
hold malicious links or attachments. Once you take the bait by clicking or opening information within the email,
malware will be installed. Some phishing emails are easily identifiable by grammatical errors, use of font, or an
unknown email address. However, not all phishing emails are easily noticeable. It’s important to remember that
anyone can fall victim to these attacks and you should take measures to educate yourself and your team on the
warning signs.

Man in the middle attack

Short for MitM, the man in the middle attack involves a cybercriminal disrupting communication between their victim
and a reputable source or company. The cybercriminal typically gains access to you via a Wi-Fi router or public
hotspot. The scariest aspect of this attack is that neither party is aware of the cybercriminal or “middle man” who is
intercepting their communications.

A common example of this attack would be the hacker emailing the victim from an email that appears to be from work
or a bank requesting personal information. The victim is taken to a screen they’re familiar with logging into and their
information is captured by the hacker.
Denial of service attack

This attack is carried out by flooding a network host or server with so much traffic that it’s no longer accessible by
legitimate users. Cybercriminals will send mass amounts of requests that appear to be legitimate with false return
addresses. The server is then overwhelmed with the requests and will be stuck trying to filter the junk requests.

DoS attacks come in different forms such as a smurf attack, where spoofed IP packets are sent to victims. Once the
recipient responds, the server is flooded. Another tactic is called an SYN flood which involves a cybercriminal making
a disconnected “handshake.” The cybercriminal sends a connection to the victim’s server but doesn’t complete the
necessary connection needed for a Transmission Control Protocol, leaving the victim’s server inactive to new
requests.

Outlook on cybersecurity law and the workforce

While the increase of cybersecurity attacks continues to raise eyebrows across the nation, it’s shining a light on the
need for skilled professionals and specifically women to break into the world of cybersecurity to close impending
staffing gaps. Cybercrime is expected to cost the economy upwards of $6 trillion this year alone and must be
supplemented by a strong, diverse workforce.

With an anticipated 3.5 million unfilled cybersecurity positions in 2021, the opportunity for lawyers to dive into the
profession has never been easier. More universities are even adding cybersecurity law tracks to their curriculum and
offering programs that can be completed 100% online to help grow the in-demand profession. A cybersecurity degree
opens opportunities for lawyers to work in roles beyond the legal industry holding titles such as cybersecurity
compliance investigators or cyber security analysts with starting salaries ranging from $90,000 to $120,000
depending on experience and location.

The time for lawyers interested in cybersecurity or looking to add a competitive edge to their practice is now. Not only
for their professional development but to help support anti-cyber attack initiatives and to educate the public.