The massive breach of Solar Winds, one of the most respected information technology firms in the United States, and the recent hack of the Colonial Pipeline are only the tip of the cybersecurity iceberg, said Dr. Robert Spangler, associate executive director for operations and IT, New Jersey State Bar Association (NJSBA).
Spangler was among the panelists today at the session titled, “Cybersecurity, the Solar Winds Case and You: What Lawyers Can Learn from a Major Security Breach,” at the NJSBA Annual Meeting. Other speakers included New Jersey Assemblyman Herb Conaway Jr., Rebecca L. Rankoski, co-founder, XPAN Law Partners in Marlton and Michael Mooney, senior vice president, professional liability insurance leader, USI Affinity in Philadelphia.
Like an iceberg, the 250 federal agencies and businesses that were hacked in the Solar Winds case represent the 10 percent “above the water,” but “we never see the 90% that’s submerged,” Spangler said.
“Even if you don’t use Solar Winds, agencies or companies you rely on do,” he said.
There are some initial steps people can take to help secure their computers: use multi-factor identification and a password manager and don’t reuse passwords.
Lawyers are vulnerable to getting hacked and also need to step up their cybersecurity measures, including getting cyber insurance, Rakoski and Miller said.
The pandemic has created more opportunity for cyberattacks because computer networks are more spread out, and phishing emails have increased by 700%, Rakoski said.
New Jersey does not have a data privacy law yet, and the laws on cybersecurity and data privacy differ among the states. New Jersey lags behind many states on cybersecurity and ransomware attack laws and in forming a cybersecurity task force, Conaway said.
“We have a lot that needs protecting and we should join the many states that are currently studying this issue,” he said.