The year 2021 is probably going to witness a series of high-profile attacks on almost all sectors. From the fuel supplier Colonial Pipeline, laptop maker Acer, to meat processor JBS, cybercriminals are targeting all kinds of industries. The latest sector to suffer a cyberattack is the New York City Law Department.
According to a report, a sophisticated attack forced the law agency to go offline. The city’s Cyber Command detected unusual activity on the Law Department’s computer network. Upon discovering the attack, the officials immediately disconnected the department’s computers and network systems from the city’s network. While it is unclear who is behind this cyberattack, the mayor of New York City, Bill de Blasio, said there is no sign of misuse of data, however added that the situation was “emerging.”
The New York City Law Department has over 1,000 lawyers and 890 support professionals. A data breach could affect sensitive information belonging to thousands of employees in the department.
“To this hour we have not seen information compromised or a ransom demand. As the investigation remains ongoing, the City has taken additional steps to maintain security, including limiting access to the Law Department’s network at this time. We do fully expect the law department IT environment will be securely reestablished promptly so the law department can get back to the business of serving New Yorkers.
I think people should realize this is something that’s going to be with us for quite a while. And we’re going to have to do a lot to focus on it and constantly protect ourselves,” de Blasio said.
What Experts Say…
Talking to CISO MAG, Shana Simmons, General Counsel at Everlaw, said, “From SolarWinds to Colonial Pipeline to JBS, bad actors are making their way through the most lucrative and impactful businesses and infrastructure – law was inevitably next. While we’re still learning whether any data was stolen from the NYC Law Department in the latest cyberattack, law firms and departments are increasingly an attractive target because of the sensitive nature of their business. From corporate legal and M&A work to litigation and other legal services, they handle large volumes of confidential and personally identifiable information.”
“Yet security loopholes remain: A report from the American Bar Association last year found that only 43% of attorneys use file encryption and less than 40% use email encryption, two-factor authentication, and intrusion prevention. This is concerning, especially for departments that hold the keys to some of the most sensitive data.
Bad actors are on a tear this year, and they’re showing no signs of slowing down. As a result, law firms and departments need to practice safe cybersecurity measures such as: enabling two-factor authentication, backing up data, keeping software patched, and training employees on best security practices,” Simmons added.
This is not the first time that attackers have targeted a government agency to steal data. The intelligence bureau of the New York Police Department (NYPD) and the FBI’s cyber task force are investigating the cyberattack. Although no ransom has been demanded yet, the NYPD hasn’t ruled out the possibility of a ransomware attack.