Law firms, an essential component of the corporate world, are finding themselves increasingly in the crosshairs of cyber attackers and hackers, and new threats emerge continuously. A recent study by researchers Joshua Harrison, Ehsan Toreini, and Maryam Mehrnezhad has unveiled a deep learning model that can map recorded sounds of keystrokes to their corresponding letters with an astonishing 95% accuracy. This is how: 

• Researchers pressed 36 keys on a MacBook Pro 25 times each, recording the sounds with an iPhone 13 and over a Zoom call.
• The keystrokes were translated into spectrogram images, trained as an image classifier.
• Further adjustments in the modeling process helped achieve the high-accuracy model detailed in the research paper.

Universal availability of microphones, coupled with advancements in machine learning, has brought a new dimension to security concerns. For law firms, this threat is particularly acute. With class actions filed against major firms like Bryan Cave Leighton Paisner and others, the legal sector has become a sweet spot for cyberattackers. Storing valuable data ranging from employee health and financial information to patent specifications and merger plans, law firms offer a treasure trove of top-secret and valuable information.

More than a quarter of law firms in a 2022 American Bar Association survey said they had experienced a data breach, up 2% from the previous year. The diversity of client data handled by law firms makes them valuable targets for cybercriminals. From financial statements to medical data and criminal records, the information is akin to currency in today's digital world. And yet, according to some experts, law firms lag behind industry best practices in cybersecurity.

Many firms lack the budgets to invest sufficiently in cyber defenses, making them soft targets for hackers seeking client data. Balancing maximum security with the need to share data across a firm creates a level of risk that many law firms struggle with. The lack of investment in adequate cyber defenses is no excuse, and industry standards must be adhered to, say legal experts.

The research conducted on deep learning to map keystrokes sheds light on a new angle of attack. The study utilized common devices, including a Macbook Pro known for its relatively quiet keyboard, and an iPhone 13. Countermeasures do exist, but the authors ultimately conclude that to be truly secure, a move away from typed passwords may be necessary.

As law firms grapple with the ever-changing landscape of cybersecurity, the recent revelations about deep learning's ability to map keystrokes present a unique and unsettling challenge. The threat goes beyond real-time surveillance; historical data, including recordings of meetings and webinars that may contain incidental keystroke sounds, could be susceptible to this new form of attack. In a world where data is currency and law firms are entrusted with highly sensitive information, this never-ending battle against bad actors will requires continued vigilance, innovation, and an unwavering commitment to safeguarding the very foundations of client trust and confidentiality.