In relation to the story: "Exclusive: Firms' fury over misleading cyber security claims
Comment from Jeremy Hendy, executive vice president of sales and marketing at RepKnight:

"The reason we’ve done this report is to raise awareness that there are literally millions of credentials floating around out there — some from five years ago, some from last week. The overwhelming majority of law firms we’ve spoken to at the Securing The Law Firm event today were unaware of their footprints, and were grateful for the information.

A few firms seem to be getting upset that clients have called them up and asked “has my data been breached”? We think that’s a perfectly reasonable question to ask of any of your professional advisers, at any time. If your company already has the right tools and processes in place, then that’s great — you should already be in a position to reassure that client straightaway. We’ve already apologised if this has caused additional workload — that wasn’t the intention.

As part of this research we’ve analysed the data relating to the UK’s top 500 law firms. We want to make absolutely clear that most of these law firms will have done nothing wrong cybersecurity-wise. Instead, the only reason this data is available is because it has been breached by third-party sites, which those employees have used in good faith. So, far from trying to cause unnecessary alarm, we are trying to raise awareness of an issue that organisations in all sectors have great difficulty dealing with. It’s a fact of life that large quantities of corporate data now live outside the firewall. On the dark web, you can find huge lists of employee email addresses and passwords which cybercriminals can use for phishing or unauthorised access to corporate networks. What we’re trying to do through this report is raise awareness of the dangers of the dark web, and make sure they put procedures in place to reduce the risk of phishing and unauthorised access.”



Anonymous 26 January 18 14:47

There is a very serious issue here, and all genuinely and scholarly contributions to the debate are welcome. However. This is utterly irresponsible scaremongering, and typical of much of the misinformation and spin which is being circulated by those in the IT "security business" attempting to whip up anxiety levels and induce people to part with hard cash for technical solutions of variable efficacy. One can only hope this has backfired spectacularly for RepKnight, and it gets the well deserved come-uppence it deserves.