The 5 most common cyberthreats legal teams should watch for

Learn about social phishing, ransomware, mobile security, remote risks, and identity-based security

Cybersecurity threats may sound like a technical problem best left to the experts in your organization's IT department, but corporate legal counsel also needs to be well-informed about these risks.

Alarmingly, Statista predicts the global cost of cybercrime will surge to $23.84 trillion —  that's trillion with a "t" — by 2027. The impact of even one security breach on your watch could be mission critical, causing untold financial and reputational damage. Areas of concern may include standards of reasonableness in data protection, disclosure requirements for data breaches, cybersecurity risk assessments, and more.

With that in mind, here are the top five cybersecurity threats to watch out for today:

1. Social engineering attacks ("phishing") 

Most IT security breaches result from social engineering in a business setting where criminals trick employees, suppliers, or other contractors into revealing confidential information, clicking on malicious links, or providing entry to secure IT systems. These criminals may make approaches via email or telephone; they may use voice impersonation software to make the attack more convincing.

"These scams are becoming more effective, which is concerning, as you might expect growing awareness to make them less so," says Mark Gendein, Principal Architect.

One worrisome development behind the increasing sophistication of phishing attacks is the attackers' use of highly sophisticated computer algorithms, known colloquially as artificial intelligence (AI). These systems can generate more believable phishing emails and create so-called "deep fakes" that falsely represent clients and authorize the release of financial transactions or sensitive data. On the flip side, IT security teams are using AI in risk assessment to help uncover system vulnerabilities that can then be patched before they’re exploited.

Healthcare companies may be especially vulnerable now that criminals have shown an interest in Medicare data breaches. In January 2023, a South Florida man pled guilty in federal court "to conspiring to buy and sell more than 2.6 million Medicare beneficiary identification numbers and other personal information." As part of his plea, he admitted to using data mining and social engineering techniques to obtain the numbers that he advertised and sold online in transactions that the government estimated were worth $310,000.

2. Ransomware

So-called "ransomware" is a type of malware that criminals use to hold an organization’s data for ransom, either by blocking access to it or threatening to publish it if the organization doesn't pay the criminals a large sum of money. Ransomware is typically downloaded and installed when someone opens a malicious email attachment, clicks on an infected link, or visits an infected website.

This type of cybercrime is widespread because it can be quite profitable. The average ransomware demand is now $200,000 to $300,000, with some demands exceeding $10 million. The costs aren't limited to the payment. Afflicted businesses lose an average of 21 days of operations whether or not they pay. Other costs may include loss of business and regulatory sanctions, which should trigger the legal team's involvement.

3. Mobile security attacks

In 2022, more than 6.4 billion smartphones were in use worldwide, and that total was forecast to rise to more than 7.7 billion in 2028, according to Many of these devices may be used for both professional and personal purposes. Fake apps that appear genuine have infiltrated app stores. These apps, when downloaded onto devices, can con smartphone users into granting criminals access to the device or infect the device with a virus or malware that gives the criminals control of accounts and access to sensitive data.

4. Remote working risks

A rise in remote work at companies of all types and sizes may create more weaknesses in employers’ IT systems. Employees at remote locations may be using out-of-date routers, working on their own vulnerable devices, or connecting to unsecured wi-fi networks.

"Very few people know how to patch home routers effectively to update them against threats and it may not even be possible if the routers are old," says Jesse Mrasek, Senior Cloud Solutions Architect at Microsoft. "Carrying out device management at scale is a significant logistical challenge for businesses."

Legal departments may need to create, review, and strengthen policies that protect or prohibit employees' use of personal computers and mobile devices for work purposes.

5. Identity-based cloud security threats

Storing information in the cloud may be more secure than hosting it on the company's premises, given that major cloud service providers spend billions for security and deploy teams of experts to chase down threats. Yet weakness can remain, especially where some elements in the cloud are self-hosted. Legal teams can raise cybersecurity as an essential concern when cloud-based services are proposed or used.

“There are some great tools available to help companies manage security in the cloud, but you have to know how to use them," says Gendein.

Cloud-security technology alone may not provide adequate protection since attackers typically target the identity holder — the firm itself — rather than the service provider when they phish for staff to provide access to log-in details or other data.

The evolving risks for cybersecurity

The threats that cybersecurity risks pose to organizations aren't static. Rather, they evolve over time, becoming more prevalent and increasingly sophisticated. Since these risks are ever present and changing, more can always be done to minimize vulnerabilities and strengthen defenses. Savvy legal teams should invest the time and effort to ensure they and others in their organization are well protected and, when a problem occurs, ready to respond.