Kevin Szczepanski and Renato Smith, co-chairs of Barclay Damon’s Data Security & Technology Practice Area, were interviewed for the Buffalo Business First article “Beyond the Breach: How WNY Companies Reacted to Cyber Attacks” about Barclay Damon’s experience with a cyberattack and the importance of sharing information and staying vigilant.
In January 2023, Barclay Damon experienced a cyberattack via a phishing email that appeared to be legitimate. The firm uses Microsoft Sentinel, which detected the suspicious activity early on, allowing the firm’s IT team to begin the process of solving the issue. The firm carried out its incident response plan and investigated the email account that was impacted.
“Then, we had to review the contents of that entire account to determine whether it contained any protected information of any particular individuals,” Kevin said. “It looked like the threat actor wasn’t after the protected information, but that he was fishing around for other contacts inside our law firm to create more phishing attacks on other people. What we found was there was no indication that the threat actor had actually reviewed any of this information in the email account, but we couldn’t completely rule it out.”
Despite no client suffering harm from the event, Barclay Damon erred on the side of caution and notified any affected individuals and reported the incident to federal regulatory agencies. As a result of this experience, the firm increased its use of multifactor authentication, employee training, and test phishing emails to identify gaps in employee training.
While all these steps are helpful, they don’t guarantee that a cyberattack won’t happen. Kevin said, “Prevention is the ultimate goal, but practically, that’s probably not doable. So, it’s more about what can we do to reduce risk to the fullest degree possible.” He continued, “If organizations think about these things now and work to develop the most robust cyber hygiene they can, then when this inevitably happens, they’ll have a happy ending.”
Buffalo Business First subscribers can read the full article here.