Law firms are a major target for criminals. As a result, a security precaution known as penetration testing (pen testing for short) is advisable for legal firms and in some cases, it is required by clients.
Why Are Law Firms Being Singled Out?
As large corporations continue to tighten their security, criminals are turning to relatively smaller, yet high-value targets. Law firms fit that description perfectly. They are often intermediaries or parties to large-dollar transactions that could be intercepted using account hijacking and social engineering. They also harbor sensitive, high-value information that could be used to further uncover personal information about their clients, or even for outright extortion.
Pen Testing Explained
Some types of security testing are largely passive, such as vulnerability scans that look for openings but don’t try to breach the network. Penetration testing simulates attempts by criminals to actively exploit vulnerabilities, infiltrate the network and take control of systems. In short, the testers do everything a criminal would, short of doing actual damage. In effect, pen testing evaluates the entire security posture of the organization to determine how well its defenses protect the network, systems and data assets. If any of the pen test activity succeeds — or nearly succeeds — then the IT department and security teams can identify the gaps that are most important to close.
Penetration tests are performed in phases that simulate various types of real-world attacks the organization will face, in both internal network systems and those hosted in the cloud.
- External blackbox testing. Blackbox testing simulates an attack from outside the network, against systems with internet-facing IP addresses. These types of tests imitate the actions of a hacker with no prior knowledge of the network environment or credentials. In real life, this is the least successful way for criminals to breach a network.
- Internal whitebox testing. This simulates a criminal who already possesses compromised credentials or other prior knowledge that allows them to pass through the firewalls and gain access to the organization’s network. This test is typically performed from within the network. The tester takes the role of a criminal attempting to gain higher privileges or obtain other credentials that grant admin access to systems.
- Social engineering. These methods account for a majority of compromised networks. The testers simulate a social engineering attack with a combination of emails, phone calls, and in-person visits, using the same ruses that criminals use to trick users into giving them access. Before running a test, key points of contact within the organization are briefed so they understand the scenarios and time windows. The reported results identify the risks and areas where users need education, and often drive significant change in the environment.
- Assessment/Analysis. Pen tests are often accompanied by a security audit focused on best practices. Key areas of focus include Active Directory, use of Group Policy Objects, and firewall configuration. IT departments have the opportunity to ask questions and use the real-world industry risk analysis and remediation suggestions to better secure the network.
Pen Testing Timing and Precautions
Penetration testers are skillful enough to stop short of actual criminal activity or damaging systems. Gaining escalated privileges and showing the potential for major damage is enough. But penetration testing needs to be scheduled and done after hours or during maintenance windows to minimize the risk of causing interruptions. (Most often the culprit is a legacy system, such as an old fax server or phone system, that locks up during an attempt to infiltrate it, requiring a reboot.) Penetration testing appropriate to the size and complexity of the environment may require anywhere from ten hours to more than 100.
It’s an unfortunate fact that the more successful your legal practice, the more likely you are to be harboring sensitive information about individuals, corporate clients and transactions that are highly prized by determined criminals. That’s why at SOCBOX, penetration testing is an integral part of our SOC-as-a-service offering. If you’d like to know more about pen testing and our other services, contact us, email email@example.com, or call 877-284-7789.