“SOMEONE is learning how to take down the internet.”
The Internet may go down because of a cyber attack or your Internet Service Provider crashes. Our government states that a cyber attack is the most likely type of attack, and the risk of that type of attack appears to be growing. Aside from the recent allegations about Russian hacking, attempts to block or take down the Internet are real. Here is information to reinforce the vulnerability of cloud computing despite its growing popularity among law firms.
THE ECONOMIST (October 27, 2016)
“Cyber-security – Crash testing”
Recent attacks on the internet could be a prelude to far worse ones
“SOMEONE is learning how to take down the internet.” This was the headline of a blog post Bruce Schneier, a noted cyber-security expert, wrote in mid-September. It looked prescient when, on October 21st, Dynamic Network Services (Dyn), a firm that is part of the internet-address system, was disrupted by what is called a “distributed denial of service” (DDoS) attack. (Essentially, a DDoS floods servers with requests until they can no longer cope.)
The attack on Dyn was only the latest in a string of similar ones. On September 20th, for instance, the victim was Brian Krebs, an American journalist who often reports on internet criminals. The server where he hosts his blog became the target of one of the largest DDoS attacks on record (it was bombarded with data equivalent to almost half a percent of the Internet’s entire capacity).”
There were countless Internet outages during 2016 where ISP service was interrupted throughout the United States. The following table is recreated and reflects the dates of just the top Internet outages of 2016, the type of outage and what resulted from the outage.
TOP INTERNET OUTAGES OF 2016
Posted by Archana Kesavan on December 20, 2016
|DATE||TYPE OF OUTAGE||WHAT HAPPENED|
|01/13/16||Overloaded Network||Powerball unable to handle traffic overload|
|04/22/16||Routing Outages||AWS Route Leak|
|05/03/16||Cable Cut||Transcontinental issues in the Level 3 network|
|05/16/16||DDoS Attack||Attack on NS1 DNS infrastructure and online assets|
|05/17/16||Cable Cut||Fault in SEA-ME-WE-4 line|
|06/25/16||DDoS Attack||DNS root servers attacked|
|07/10/16||Routing Outages||BGP knocks JIRA offline|
|07/28/16||Overloaded Network||PokemonGo experiences network & application outage|
|09/13/16||DDoS Attack||Krebs on Security DDoSed (referenced in the “Economist” article above)|
|10/21/16||DDoS Attack||Mirai botnets attack Dyn’s DNS Infrastructure (referenced in the “Economist” article above)|
|11/08/16||Overloaded Network||Canadian Immigration website crashes|
And let’s not forget the devastation wreaked upon the East Coast by Hurricane Irene in August 2011 when more than 9.6 million users were without power. There is no information about the number of law firms affected by the power outages; however, the Virginia news station WWBT NBC12 stated that two weeks after the event they were still receiving calls about either Verizon or Comcast service [ISP] outages. Virginia had 1.1 million without power. The State Corporation Commission had to step in to say that “cable companies are not regulated by the government, so your options are limited.” (Source: http://www.nbc12.com/story/15461339/comcast-and-verizon-outages-consumer-attorney-reaction)
In recent years, bandwidth issues have increased because of the emergence of Internet of Things (“IoT”). The convergence of IoT and cloud tends to generate zetabytes of data from diverse traffic sources. This can make latency and timeout issues even more acute.
Law firms that use cloud-based systems report that they have hour-long delays during which they are unable to access their software. What would be the cost to you and your clients if this should happen to you? Referring to the October 21, 2016 DDoS attack, contributor Adrienne LaFrance for “The Atlantic” reported, “Some companies lose tens of thousands of dollars for every minute of a DDoS attack. For more than one-third of companies, a single hour of a DDoS attack can cost up to $20,000, according to a 2014 report by the security firm Imperva Incapsula. Internet outages continued into Friday afternoon, with major websites seeming to flicker on and off for internet users across the United States.”
The storage of data in the cloud is increasingly expensive and is more subject to hacking. Also, there are laws that prohibit data from traveling to other countries without a license. The countless computer servers that comprise the cloud are spread across the globe and with that comes some legal entanglements.
Daniel Masur, a lawyer and partner specializing in IT and business at Mayer Brown LLP’s Washington office, was quoted in a blog article “Cloud and the law” : “So, you can imagine if your data is flying all over the world dynamically, finding the least expensive place in order to sit, if you don’t have controls in place, you may find out that you have inadvertently violated the export control laws because data that shouldn’t have been ÔÇª residing in a particular location is now there.” (Source: http://www.searchcio.techtarget.com/tip/Cloud-contract-checklist-A-lawyers-perspective)
With increased use of technology comes greater risk that ethical and regulatory obligations to the client can be compromised; e.g., from the confidentiality of the attorney-client relationship to maintaining sensitive information such as Personally Identifiable Information (“PII”). It is critical to ensure proper protection of the client and the law firm. Quoting Jacquelyn Connelly, IA Magazine Senior Editor: “…according to a recent white paper from ACE Group, “Cloud Computing: Is Your Organization Weighing Both Benefits and Risks?”, today’s risk managers must fully understand the different delivery models of private and public cloud services and how the different deployment methods and uses can impact an organization’s risk. As companies increasingly outsource cloud services to third-party vendors, they face increased cyber exposures when operating business through the cloud, including unfavorable terms in cloud contracts, loss of control of data and compromised data security.”
(Source: 19 January 2015 http://www.iamagazine.com/markets/read/2015/01/19/constantly-evolving-cyber-liability-and-the-cloud)
According to a survey conducted by The Economist, the following is a partial list of the major implementation issues that organizations have reported while migrating to the cloud: (see Source below for complete list)
Significant outage to a public or community cloud service 18%
Significant outage to a private cloud 14%
Data breach resulting from the use of a public or community cloud service 12%
Permanent loss of data from public or community cloud service 12%
Data breach resulting from the use of a private cloud 8%
Permanent loss of data from a private cloud 5%
“The cyber threats of today are the insurance claims of tomorrow,” according to Christine Marciano, President, Cyber Data Risk Managers, dated January 2, 2017. (Source: https://www.databreachinsurancequote.com/cyber-insurance/cyber-insurance-data-breach-insurance-premiums/)
How true is this! Are you prepared?
Dedicated servers are great for organizations such as law firms that require exceptionally high levels of data security or that have predictable demand necessitating all of their servers running 24x7x365. When stringent security is required, then dedicated hardware might be the best choice for a law firm. And moving to a public cloud, private cloud or hybrid is not going to relieve you from the need of an IT specialist. Many programs have features that are not “cloud ready,” and IT must work around these obstacles. Save your money. Take the less risky, less expensive, more certain path and store your data on your own server.
Geni Law Office Software provides non-cloud automation software that has been developed over more than 20 years by a group of attorneys, accountants and software gurus. , Geni Law uses any operating system, including Mac®, Linux® (nix) and all versions of Windows®.
Geni Law’s software is so extensive that the only equivalent software is too expensive for any solo or small-size firm. With Geni Law, you get large-firm practice management for just pennies a day.