On top of that, there are just too many methods that bad actors can deploy to gain access to a firm’s system or database, said John Reed Stark, a former U.S. Securities and Exchange Commission internet enforcement chief and the president of data breach response and digital compliance firm John Reed Stark Consulting LLC.
Just looking at cyberattacks alone, Stark listed multiple techniques such as ransomware, phishing scams and advanced persistent threat, in which an intruder gains access to a network and remains undetected for an extended time.
“In general, the biggest vulnerability that companies have comes down to people,” Stark said. “So while there are plenty of technologically complex attacks, the vast majority of them start with somebody clicking on something they shouldn’t, or somebody creating a vulnerability by not securing their own system access properly.”
Law Firms’ Reported Cyberattacks Are ‘Tip Of The Iceberg’