Verizon’s 2015 Data Breach Investigations Report identified that the legal, communications, and customer service departments “were far more likely to actually open an e-mail than all other departments.” My blog entitled “Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees” is right on point and was reinforced by Lance Spitzner (Training Director for the SANS Securing The Human program) who noted in the Verizon Report:
…one of the most effective ways you can minimize the phishing threat is through effective awareness and training. Not only can you reduce the number of people that fall victim to (potentially) less than 5%, you create a network of human sensors that are more effective at detecting phishing attacks than almost any technology.
What does this say about lawyers? Are they too trusting or naïve, or just need more training?