Law firms face unique challenges with regards to security, driven by the highly sensitive information entrusted to them by their clients, the advice their clients expect from them, and the severe legal and reputational damage that could result from a breach. This case study highlights the shortcomings of restricted-scope security assessments that do not provide visibility into overall organizational and asset-driven risk.
Find out how our Red Team was able to:
- Gain access to sensitive client data, including pending litigation, M&A and other historical and current legal casework.
- Obtain access to the internal corporate network, facilitating longer-term, persistent attacks and data exfiltration.
- Obtain access to the firm’s email system, enabling us to read and send emails from employee accounts to clients.