Threat Intelligence

6/22/2017
03:15 PM
50%
50%

Most General Counsels Fret over Data Security

An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keeps them up at night, a recent survey shows.

Fears over hacking, phishing, malware, and ransomware cause great concern among a vast majority of general counsels, according to a survey released today by ALM Intelligence and Morrison & Foerster.

The survey of more than 200 in-house top attorneys at US companies reveals that 87% toss and turn at night over these particular cyber threats. Some 62% are concerned that employee mistakes will lead to data security and privacy loss, while 50% fear potential security breaches by non-law firm vendors.

The survey also found that a majority of attorneys worry about cybersecurity threats (57%); the potential cost or impact to the firm's budget by these attacks (55%); and the potential for a government or regulatory investigation to be launched as a result of a breach (55%).

Hacking, phishing, malware, and ransomware are a bigger deal to attorneys than labor and employment litigation (59%) and than intellectual property infringement (60%), according to the survey.

Read more about the survey here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
6/25/2017 | 1:44:36 PM
Understandable
It's not hard to see why in-house counsel is so concerned with cybersecurity, considering (1) the increasing awareness that CISOs should not report to CIOs (because of the inherent conflict of interest) that has led some organizations to trend to having CISOs work closely with and/or report to General Cousel, and (2) developments like this one -- leading to greater InfoSec-related compliance costs: darkreading.com/partner-perspectives/f5/talking-cyber-risk-with-executives/a/d-id/1329161?
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20782
PUBLISHED: 2019-02-17
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
CVE-2019-8407
PUBLISHED: 2019-02-17
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
CVE-2019-8408
PUBLISHED: 2019-02-17
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.
CVE-2016-10742
PUBLISHED: 2019-02-17
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
CVE-2019-8393
PUBLISHED: 2019-02-17
Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.