Case for the defence

Cybersecurity expert Michael Gazeley has tackled threats to businesses of all sizes. What worries him in particular is the legal sector, and the lack of security strategy in many law firms

Michael Gazeley is the managing director and co-founder of Network Box Corporation, a leading managed security service provider (MSSP) based in Hong Kong dedicated to protecting its clients from incoming threats from the internet such as intrusion attempts, zero-day threats, trojan infections, viruses and other malware, spam, denial of service, and more.

With more than three decades of experience in IT, Gazeley has established himself as a key figure in the cybersecurity landscape. He co-founded Network Box with longtime business partner Mark Webb-Johnson, and the company has grown to become one of the world’s leading MSSPs. Network Box has won more than 170 international awards for its security technologies.

Asia Business Law Journal: Can you tell us about your company?

Michael Gazeley: Network Box started back in 1999 with a clear mission: to offer reliable and effective cybersecurity solutions. We were a small team, passionate about helping businesses protect their digital assets. We faced numerous challenges but our commitment to this mission kept us moving forward.

In those early days, the concept of cybersecurity was still evolving. Many businesses did not fully understand the risks associated with cyber threats, or the need for comprehensive security measures. This presented both a challenge and an opportunity for us. We had to educate our potential clients about the importance of cybersecurity while also developing solutions that could effectively protect their digital assets.

One of our first major breakthroughs came when we developed a fully managed security service that provided continuous monitoring and protection against cyber threats. This service, leveraging our patented push update technology, was a game changer for many businesses, as it allowed them to focus on their core operations while we took care of their cybersecurity needs. This early success helped establish our reputation as a reliable and innovative provider of cybersecurity solutions.

As we grew, we began to expand our services to meet evolving needs. We introduced threat detection and response capabilities, which allowed us to identify and neutralise potential threats before they could cause significant damage. We also developed advanced firewall management services to protect our clients’ networks and digital perimeters.

Our journey from a small startup to a global company has been marked by continuous learning and adaptation. We’ve had to stay ahead of rapidly evolving cyber threats and constantly innovate to provide the best possible protection for our clients. Today we have a presence in multiple countries and serve a diverse range of clients.

ABLJ: Who does Network Box serve as clients and what services do you provide?

Gazeley: We work with a variety of clients, including businesses, government agencies, financial institutions, medical facilities, educational organisations, and of course law firms. Each of these sectors has unique security needs, and we tailor our services to fit those requirements. Our main services include fully managed security, threat detection and response, firewall management and security consulting.

Our managed security services offer continuous monitoring to protect against threats. This is especially crucial for businesses that cannot afford to have their operations disrupted by cyberattacks. With our managed services, clients can have peace of mind knowing that their networks are being monitored around the clock by experienced cybersecurity professionals.

One of the key factors that set us apart is our proactive approach to cybersecurity. Rather than just reacting to threats, we focus on anticipating and preventing them. This proactive stance is crucial in a landscape where cyber threats are constantly evolving, and new vulnerabilities are discovered regularly. By staying ahead of the curve, we can provide our clients with the highest level of protection.

Our clients come from a wide range of industries, each with its unique challenges and requirements. For instance, government agencies often deal with highly sensitive information and need stringent security measures to protect against espionage and cyber terrorism. Financial institutions handle vast amounts of personal and financial data, making them prime targets for cybercriminals. Educational organisations, on the other hand, need to protect student data and research information while ensuring that their networks are accessible to students and staff.

Tailoring our services to meet the specific needs of each client is one of our strengths.

ABLJ: Why are you so concerned about law firms you have dealt with?

Gazeley: The rise of sophisticated cyberattacks has made it essential for law firms to reassess their security protocols. This is not just about adopting new technology; it is about preserving the foundational values of the legal profession.

Confidentiality, the bedrock of the attorney-client relationship, is at constant risk in a world where data breaches can occur in an instant. Without stringent cybersecurity defences, the integrity of client communications and case details can be compromised, destroying the trust clients place in their legal representatives.

Maintaining the integrity of legal practice extends beyond the courtroom to include the protection of all data handled by law firms. A single cybersecurity lapse can lead to data manipulation or loss, jeopardising the fairness and accuracy of legal processes. Ensuring data integrity through advanced cybersecurity measures is imperative for upholding justice. Cyber threats test the legal profession’s commitment to these values, making comprehensive security strategies essential.

Ethical obligations demand rigorous protection of client information. Failure to meet these standards can result in severe legal and professional consequences, including breaches of confidentiality and loss of client trust. Proactive cybersecurity measures reflect a law firm’s dedication to fulfilling these ethical responsibilities and reinforcing the indispensable trust clients have in their lawyers.

One area that particularly concerns me is the cybersecurity posture of law firms. These organisations handle a wealth of sensitive and confidential information, making them prime targets for cyberattacks. Despite this, many law firms may not have adequate security measures in place, leaving them vulnerable to breaches. My interactions with various law firms have revealed a troubling pattern of complacency, underscoring the need for heightened vigilance and proactive security practices.

Law firms often deal with highly sensitive information, including client data, legal strategies, financial records and intellectual property. This information is valuable to cybercriminals, who can use it for financial gain, identity theft, or corporate espionage. The consequences of a cyberattack on a law firm can be severe, leading to data loss, financial damage and significant reputational harm.

One of the reasons for this complacency is that many law firms may not fully understand the risks they face. Cybersecurity can often seem like a distant concern, especially for firms that have not yet experienced a major breach. However, the reality is that cyber threats are very real and very immediate. Law firms need to be proactive in protecting their information and their clients’ information.

My concern stems from a deep understanding of these risks and a commitment to helping law firms strengthen their defences. I emphasise the importance of implementing robust cybersecurity measures, conducting regular security assessments, and providing ongoing training to employees. By adopting these practices, law firms can mitigate the risks of cyberattacks and protect their clients’ information.