Cybersecurity in the legal sector
Hosted by Red Seguridad and the Madrid Bar Association, the first day of CiberLegal was held in Madrid on April 23 to offer a detailed view of the current situation of cybersecurity in Spain’s legal sector, the main risks and threats, how we should be prepared, the technology available to us, and the technology that is coming.
Eva Martinez, director of GMV’s Secure e-Solutions vertical, spoke on the impact new technologies are having on the legal sectors and the associated risks. As a foundation for digitalization, Eva began her talk with computing, where there are expected to be many advances in the coming years. We have heard rumbles of quantum computing, which will make unimaginable computing speeds possible. This will bring with it new cybersecurity challenges as our system of security—digital certificates—is currently based on a type of cryptography that could be vulnerable in just a few years to quantum computing. That is why we must begin seeking out solutions to face this problem.
Along with computing, connectivity has made possible all the highly-valuable services we use day in, day out: online meetings, SaaS services, ChatGPT, etc. This means that the outlook for a cybersecurity supervisor has changed. Just a decade ago, heads of cybersecurity could protect their most valuable assets in their forest with perimeter security. Now the assets can be on mobile devices, email, ChatGPT, third-party supply chains, SaaS apps, and we must track them with expert cybersecurity companies. All these risks arising with the opening up of new services are being exploited by cybercrime, which has become a highly profitable business, even turning over more than drug trafficking.
The good news is collaboration. Security operations centers, such as the National SOC Network, which GMV is a member of, have begun to share information. The enemy is common to all, and therefore we must be well organized to address it in coordination.
As for artificial intelligence technology, this is nothing new. Eva remarked how GMV has been using this type of technology for over 30 years to train certain models. The disruption now is Generative AI, in which “we have managed to train a single language model that allows us to democratize AI in certain ways. But this all brings incredible risks. OpenAI itself recognizes the risks of using ChatGPT4, such as false information, harmful content, cybersecurity issues, and risks that we still don't know about, since it is so disruptive.”
The importance of data spaces, places for sharing information, was discussed, as data is fundamental to training models. Currently, there are initiatives for health, mobility ,and industry data spaces. And some people are already talking about creating a space for justice data, which requires digitalization as a first step.
In her conclusion, Eva commented on the need for greater collaboration between companies' legal and technological departments to meet the major challenge of compliance with new regulations such as NIS2, which will affect thousands of companies as of October of this year with the aim of improving resilience to attacks and ISO42k, which will regulate artificial intelligence in organizations with the aim of guaranteeing transparency, ethics, and security of said organizations.