ABConnect
Insight Archive  | Subscribe to our insights >>

Aon  |  Professional Services Practice
October is Cybersecurity Awareness Month – Professional Services Firms and Cyber Risk

Release Date: October 2022
pdf download Implications for D&O Litigation From Climate-Related Risk

Since 2004 the President and Congress have declared October to be Cybersecurity Awareness Month. In support of this tradition, the Professional Services Practice at Aon is highlighting the cyber risk faced by professional services firms and bringing you thought leadership and solutions.


Highlighted Thought Leadership:
Attorney-Client Privilege and Work Product Protection of Cyber Breach Investigation and Response Reports

October 2022 - In an article from the Quality Assurance Review, Fall 2022, Professional Services Practice’s Loss Prevention team addresses the standards that courts apply and the facts and circumstances they consider in deciding whether data breach consultants’ reports and related communications are...

Read more
The Aon Law Firm Cyber Survey 2022


October 2022 - The Aon Loss Prevention team reports on the results of its comprehensive survey of law firm general counsels, managing partners, and chief information security officers about their firms’ cybersecurity infrastructure and the top cyber challenges they face, from data privacy law compli...

Read more
Law Firms and Cyber Interruption – How Do You Measure and Prove a Loss of Revenue?

September 2022 - As discussed in the Professional Services Practice’s “Looking Ahead: Top Risks Facing Professional Service Firms in 2022 and Beyond” Cyber-attack/data breach was the top rated risk facing firms in 2022. Business interruption was rated 4th in the same Global Risk Management Survey.

Read more
Ransomware Isn’t Just About Data: The Rising Risk of Cyber Business Interruption

April 2022 - As the frequency of ransomware attacks increases, organizations must consider that it’s not just data that hackers are targeting. There is an increasing risk of business interruption (BI). This growing digital peril has presented new challenges to business continuity and security.

Read more
Cyber Risk is a Growing Concern for Directors and Officers


April 2022 - The Financial Services Group at Aon discusses the evolution of cyber risk to include business interruption and ransomware in January 2022’s Cyber Risk is Directors’ and Officers’ Risk.


Read more
To Pay or Not To Pay – Professional Service Firms and Ransomware


January 2022 - As one of the most targeted industry sectors, professional service firms must carefully consider the implications of responding to ransomware demands.



Read more

Highlighted Solution for Cybersecurity Awareness Month:


Cyber Threat Hunting

The focus of cybersecurity efforts over the last several years has been on ransomware, a large and immediate threat and one that has disproportionately targeted professional services firms.

However, hidden behind the noise and distraction of ransomware has been a more persistent and insidious threat, largely the work of state actors and often referred to as “APTs” (Advanced Persistent Threat).

As indicated by the label, these actors are extremely sophisticated, determined and relentless.

These actors are not motivated by the quick payoff of a ransomware attack; they work on longer term aims, primarily targeting valuable information that they can leverage for financial gain.

The primary operating method of these state actors is stealth. They want to avoid being discovered in order to maximize their long-term objectives, whether that is, for example, obtaining information about corporate activity to leverage for profit and competitive advantage, stealing intellectual property, or obtaining information about prominent individuals to advance geopolitical goals.

The sophistication of these actors is demonstrated by the persistence that is revealed when they are discovered. The Professional Service Practice at Aon has managed several cyber claims where logs confirmed presence of the threat actors for at least two years, often with no certainty of when the attack began. In 2016 two major law firms were named and “other major law firms” implicated, but not named, in an article in the Wall Street Journal as victims of such an attack.

Published reports indicate that the persistence of these types of threats is over 200 days on average, although even this number may be artificially low due to unavailability of log records beyond a certain point.

Finding and responding to one of these stealth actors is not as simple as waiting for, or expecting, existing tools, no matter how sophisticated, to pick up and alert the victim of anomalous behavior on the network. All businesses have a unique cyber footprint, which requires a cyber threat hunt designed to align with the specific needs of their network setup and layout.

Stroz Friedberg leverages its unique experience in digital forensics, law enforcement techniques, and technical and risk management programs bringing threat hunting capabilities built around the needs and capabilities of each client's business.

Learn more about cyber resilience here.

Learn more about Stroz Friedberg's threat hunting capabilities here.




Contact


The Professional Services Practice at Aon values your feedback. To discuss any of the topics raised in this article, please contact Tom Ricketts.

Tim Ricketts

Tom Ricketts
Senior Vice President and Cyber Risk Leader
New York







Do Not Sell or Share My Personal Information | Cookie Preferences |Careers | Site Map | Investor Relations | Legal | Privacy | Cookie Notice | © 2024 Aon plc

Connect with Aon on LinkedIn at http://www.linkedin.com/company/2041. Follow Aon on Twitter for the latest updates at http://www.twitter.com/Aon_plc. Join Aon's community on Facebook at http://www.facebook.com/Aonplc.