5 min read
Tired of Data Breaches? How to Reduce Risk After Sensitive Data is Leaked
This blog post is in partnership with LMG Security. With professional hackers and cybersecurity criminals posing a constant threat to law firms...
We've crafted solutions tailored to your firm
The world of insurance for law firms can be confusing, and difficult to navigate. We've created this glossary because these common insurance terms should be easy to understand.
3 min read
Mark Bassingthwaighte, Risk Manager : Oct 18, 2022 12:00:00 AM
The short answer is yes, everyone does; but the reason lawyers need to be concerned requires a longer explanation.
What is a deepfake?
The word “deepfake” comes from combining the words “deep learning” with the word “fake.” A deepfake is digital content that can be created using powerful techniques from machine learning and artificial intelligence to manipulate existing — or generate new — visual and audio content that can easily deceive others who view or hear it. Deepfakes aren’t by definition all bad, for example, deepfake technology is used by the film industry. It’s only when someone creates a deepfake with the intent to cause harm or for use in furtherance of a cyberattack, fraud, extortion attempt, or other scam that they become a serious concern.
Isn’t creating a deepfake crazy hard to do?
Not anymore. Jai Vijayan, Contributing Writer at Dark Reading recently stated: “It’s time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.”
Researchers with the security company Trend Micro expressed similar concerns in an online post this past September with this opening statement: “The growing appearance of deepfake attacks is significantly reshaping the threat landscape. These fakes bring attacks such as business email compromise (BEC) and identity verification bypassing to new levels.” They went on to say that more serious attacks will be forthcoming because of the following issues:
Why do lawyers need to be concerned?
I would hope it would be self-evident. Due to the amount of other people’s money law firms are responsible for coupled with the amount and variety of sensitive and confidential information lawyers maintain, law firms have been and will continue to be an attractive target for cybercriminals and scammers. The only thing that is changing is the sophistication of the attacks.
As a lawyer, you need to know that a tool that enables someone to create a deepfake of you exists. That deepfake could be used to hack your Amazon Alexa; manipulate a colleague, family member, friend, or employee into moving money; used to hijack your bank account, bypass an identity verification process, or even to plant fake evidence in an attempt to blackmail you. All that person needs is a good photo or a short voice recording. How many people do you know, including yourself, who have already posted all kinds of audio, video, and photos in the social media space? You and I both know it’s practically all of us.
My purpose in sharing all of this is not to instill fear. Rather, it is to create awareness and an appropriate level of concern. We all need to continue to stay abreast as to how the attack vectors continue to change in order to have an opportunity to be proactive in our efforts to avoid falling prey to these ever-evolving cyberattacks and scams.
What should law firms do about the deepfake threat?
As with so many cyber and scam threats, there is no one step you can take and there are going to be no guarantees that any combination of steps will successfully block this threat. All you can do is try your best. That said, the following are becoming more important than ever.
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.
5 min read
This blog post is in partnership with LMG Security. With professional hackers and cybersecurity criminals posing a constant threat to law firms...
4 min read
Few law firms seem to fully appreciate the level of risk that attorneys and staff truly represent. Of course, the ultimate goal is to avoid having...
4 min read
Updated 07/2023 Lawyers remain a high-profile target for scammers hoping to get away with wire fraud and the attack vectors they are using continue...