Artificial Intelligence's Current and Future Impact on Law Firm Security

December 12, 2017 by Alex Collins, IT Services Consultant

We’ve come a long way since the days of “I’m sorry Dave, I can’t do that.” AI has evolved quickly from conversations about futures to practical reality. And while it may still may never come to be that AI can become as intelligent as humans, some AI has already become better than humans at specific tasks – such as driving (self driving cars), facial recognition, and even ridesharing services (that is, routing drivers to passengers). Unfortunately, right in stride with the rise in AI is the evolution of the hackers. The IT sector is racing to identify and proactively implement cybersecurity solutions and law firms are starting to take notice.

     Randy Sabett of Cooley’s privacy & data protection (PDP) practice group states what many are coming to recognize, “the intersection of cybersecurity and AI now represents one of the most promising avenues toward improved overall cyber health of a firms network.” In fact, cybersecurity already plays a predominant part in the AI story; with most modern day spam filters powered by technology utilizing some form of artificial intelligence. Companies are already racing to develop solutions that further bridge the gap between cybersecurity and AI. Darktrace, a company formed by Cambridge alums, uses machine learning to attempt to detect and prevent breach attempts in real time.

Darktrace works off of well-developed cybersecurity frameworks with the premise that no computer or AI is without fault. Part of the future success of AI based solutions will be recognizing their benefits as well as their shortcomings. A firm could utilize a service such as Darktrace and still find themselves breached because their overall cybersecurity policies are weak or lacking material substance. Unfortunately, law firms are often technology laggards and that applies when creating robust cybersecurity policies. Many firms map to pre-existing policies designed for other industries. Charles Morgan, national leader of McCarthy Tétrault LLP’s Information Technology Law Group admits, when law firms audit their cybersecurity, “audit questions or cybersecurity auditing may be based on a framework and structure that isn’t yet perfectly mapped to a law firm situation.”

Firms must “adopt a structured, enterprise-wide approach to cybersecurity risk mitigation that is consistent with industry standards,” Morgan continues. This entails that firms work similarly to the way AI is being designed to act – proactive instead of reactive. Cybersecurity for law firms must evolve if law firms are to continue to protect their clients’ personal information and data. Morgan provides a fantastic argument as to why: AI can be “used… by hackers to overcome any form of password control/access control, and it will become increasingly effective at doing that. AI can also be used for social engineering and to identify individuals who may be vulnerable to phishing.” Similar to how AI is currently used in spam detection, firms are also finding they

can utilize AI solutions to solve common security issues: for example, easily detecting users that are sending to or accessing their personal emails, or using insecure devices (such as a USB drive) that  simple human intelligence may not be able to detect.

Ultimately, regardless of whether or not a law firm chooses to utilize an AI enabled cybersecurity solution, they must be prepared to face the possibility of a hack or a breach. They must engage in due diligence. They should engage their own internal IT team, as well as third party vendors such as All Covered who can not only simply align firms to strict, legal-specific frameworks such as NIST or ISO 27001, but also be proactive in implementing and monitoring network solutions designed to prevent even the savviest of hackers.

It’s important for law firms to recognize that simply utilizing AI technology to protect against breach is just one piece of a puzzle. The National Law Review finds that “companies should not believe that AI systems alone provide a cybersecurity panacea. Cybersecurity solutions always require a human touch, such as risk analysis and case specific strategies for individual cyberattack responses.” With a well planned strategy, solutions that are proactive, paired with vendors that truly understand the legal marketplace, law firms stand more than a fighting chance for the foreseeable future.