Extract from Frank Ready’s article “E-Discovery Could Be the ‘Biggest Pathway’ for the Spread of Malware”
While law firms often make attractive targets to cyber criminals looking to obtain valuable client information, not all of those attacks may be as strategic or targeted as they appear. The large-scale data transfers integral to e-discovery production, for example, may be inadvertently opening up additional pathways for cybercrimes inside the legal ecosystem.
“I have absolutely seen discovery production that has included ransomware toolkits and spread from law firm to law firm to law firm engaged in a particular piece of litigation. I have seen that, I have responded to that sort of incident,” said Christopher Ballod, an associate managing director in the cyber risk practice at Kroll.
It’s not dissimilar to the risks that infected pieces of virtual evidence and other documents can pose to court IT systems. But while both law firms and court systems alike scan outgoing or incoming documents for potential cyber risks, e-discovery productions can potentially entail a lot more ground to cover.