Signs of Phishing: How to Spot a Scam

 

Phishing

A Phishing attack is a type of social engineering attack that malicious attackers often use to steal sensitive data such as login credentials, credit card information, etc. Phishing is one of the biggest Cyber threats organizations face in the Cyber world. 80% of organizations fell for phishing attacks in 2021 according to Proofpoint’s 2021 state of the phish report. There are multiple ways threat actors carry out some of these phishing attacks. Let us look at the different phishing attacks out there.

Types of Phishing

Email Phishing: This type of phishing attack is sent via emails asking you to perform some sort of action with some sense of urgency. This type of attack will normally require you to click on a link that redirects you to a fake website that might request some sort of login credentials. These fake websites are normally cloned versions of legitimate websites that are used to trick users into entering their login credentials.

Spear Phishing: This is a phishing attack that is targeted more at a single entity. Before attackers perform this type of attack, they normally have some sort of basic information about the victim. This kind of information could be their name, place of employment, Job title, email address, or specific information about their Job title. These types of phishing attacks are much more convincing since the attacker has some information about the victim.

Whaling: Here, the attack usually targets senior executives. It commonly uses the pretext of a busy executive who wants an employee to do them a favor and normally plays on an employee’s willingness to follow instructions from their boss.

Smishing and Vishing: The medium of communication here is via telephone. Smishing normally comes as a text message suggesting being from your bank alerting you of suspicious activity on your account. In the image below, the attacker sends a text telling the victim he has been involved in fraud and should follow the link to resolve the issue to prevent further damage.

Phishing attacks are nothing new. They have been around for decades. However, it is only recently that the frequency and effectiveness of phishing has skyrocketed. Now, more than ever before, businesses (and consumers) need to be on high alert when receiving emails or phone calls from people or companies they do not know. But how can you tell whether an email or phone call is a phishing scam? If you think an email might be a phishing attack — for example, if it asks you to give up personal information or click on a link — then it probably is. Phishing scams almost always have obvious warning signs you can see with a bit of careful consideration. The good news is that the more aware you are of these signs of phishing emails, the less likely you are to fall victim to one of these malicious attacks.

Some Phishing Techniques

The sender is requesting your credentials

One of the most obvious signs of a phishing scam is when the email you receive requests for your login credentials or financial information. Unfortunately, this is a trick malicious actors use to gain access to your sensitive information and steal your identity. If you receive an email that asks you to enter login information, username, password, or credit card information, it is more than likely to be a phishing attempt. There are a few different ways that people try to get you to enter your credentials, including "customer service" emails from banks, utilities, or other companies you have an account with; emails from companies that you have an order with and are asking for your log-in information; or emails from companies with which you do not have any kind of account.

The email asks you to click on a link

Another common phishing attack technique is to entice you to click on a link in the email. Threat actors will often craft their emails, so they appear to be from a trusted source, such as your bank or credit card company. These emails may direct you to click on a link, usually to update your account information, and promise that doing so will help you avoid any problems. But that link may take you to a phishing website that will steal your information or, sometimes, have full control of your device via a zero-click attack when you visit their malicious website by clicking on the link sent to you. The same is true for emails from companies with which you have an account. If an email from your bank or credit card company directs you to click on a link, the best thing to do is contact them through their legitimate phone number or website to ensure that the email is authentic.

The email’s language is awkward or poorly written

Another tell-tale sign that an email is a phishing scam is if it is awkwardly or poorly written. If you receive an email from a company, especially one you do business with, they will probably address you by your name. However, phishing emails rarely address you by name, or they will use a general salutation, such as "Dear User," "Dear Customer," or even "Hello." Phishing emails are often written in an overly formal or corporate style, which is typically a clear sign that something is amiss. Likewise, the tone of the email may sound off, or the language may be riddled with spelling or grammatical mistakes.

You are unfamiliar with the sender

Another red flag is if you do not recognize the sender of the email. If you receive an email from a company with which you do not do business, scrutinize it before taking any action; if the company has a wrong address or contact name, or if the email is from a person you do not know, it is likely a phishing scam. If you have an account with a company, but the name of the person emailing differs from the one listed on your account, it may be a phishing attack.

You were not expecting the email, or it was not requested but responded to beforehand

Finally, a sure-fire sign that an email is a phishing attempt is if you were not expecting it, or it was not requested but responded to beforehand. Companies will not send you an email out of the blue and expect you to know what they want. If you are expecting an email from a company, but you do not receive it, you should not send them an email asking when to expect it. You should always be careful when receiving unexpected emails from companies; if there is something you need to do or update, they will probably contact you through another means, such as a phone call or postal mail.

Conclusion

Phishing attacks are nothing new, in that they have been around for decades. However, it is only recently that the frequency and effectiveness of phishing attacks have skyrocketed. Now, more than ever before, businesses (and consumers) need to be on high alert when receiving emails from people or companies they do not know. But how can you tell whether an email is a phishing scam? If you think an email might be a phishing attack — for example, if it asks you to give up personal information or click on a link — then it probably is. Phishing scams almost always have obvious warning signs you can see with a bit of careful consideration. The good news is that the more aware you are of these signs of phishing emails, the less likely you are to fall victim to one of these malicious attacks.

Author: Enock Augustt | Penetration Tester | Member, IIPGH

For comments, contact email: it@inveteckglobal.com or Mobile: +233 (25) 686-7366

Source: www.iipgh.org

Understanding Cyber Insurance

What is Cyber Insurance?

Cyber insurance (Cyb-Ins), which is also known as cybersecurity insurance or cyber liability insurance is a type of non-life insurance, that protects organizations from the loss (mostly financial) incurred from cyber-attacks and or data breaches. It is a risk treatment option organizations adopt to protect themselves in the event of information security or cyber security incidents. Such security incidents may include business email compromise, denial of service, ransomware, data loss, theft of money, fraud, etc. Just like any other insurance product, Cyb-Ins may cover first-party and or third-party liabilities. According to 'MarketsandMarkets', the global Cyb-Ins market is expected to grow from approximately USD 12 billion this year to USD 29 billion in the next 5 years.

Key Stakeholders in Cyb-Ins

The cyber insurance industry is made up of several stakeholders. Key among them include the following.

Regulator: This is the state authority that monitors and supervises the operations of the Cyb-Ins companies in a particular jurisdiction. The regulator in the case of Ghana is the National Insurance Commission (NIC).

Insurer: The insurance company that offers the Cyb-Ins policy to organizations. Some of the major global Cyb-Ins companies include Allianz, American International Group (AIG), Aon, AXIS Capital, Beazley, Chubb, Fairfax Financial, Liberty Mutual, Lloyd’s of London, and Travelers. Enterprise Insurance can be cited for Ghana.

Insured: This is the organization that subscribes to the Cyb-Ins policy from the insurer. In Cyb-Ins, this primarily refers to organizations and not persons.

Agent & Broker: Serves as intermediaries between the insurer and the insured. The agent works for the insurer, whilst the broker works for the insured.

Technology Provider: Assists the insurer in building the Cyb-Ins product, provides technical advice to the insurer, and performs due diligence and assessments on behalf of the insurer. These are mainly cyber security companies.

Which organization needs Cyb-Ins?

Any organization may decide to subscribe to a Cyb-Ins policy. However, it becomes more needful or onus for organizations in the following scenarios:

1. Organizations that have been designated as critical information infrastructure by the state
2. Organizations that collect or process sensitive personally identifiable information such as payment card data, financial records, medical records, national ID numbers, and biometric data
3. Organizations that are required by regulations to have Cyb-Ins in place
4. Organizations that are required by agreements with their customers or partners to have Cyb-Ins in place

What costs may be covered or not covered under Cyb-Ins?

Depending on the type of Cyb-Ins policy (i.e first party or third party), Cyb-Ins may take care of the following associated with cyber security incidents: investigation costs, regulatory fines, legal fees, judicial fines, business interruption, payment of ransom, theft of money, notification costs, credit monitoring costs, mitigation costs, repair costs, and public relations costs.

Cyb-Ins may not take care of the following associated with cyber security incidents: reputation, decline in share price, decline in revenue, prior cyber security incidents, an incident with employee involvement, general system failure, and cost of improving cyber security.

It is extremely important for organizations to obtain clarity from their insurers on what their Cyb-Ins policies cover and do not cover. They also need to clearly read and understand the terms and definitions used in the agreement. Engaging a lawyer in this process is very prudent and cost-saving.

How much do Cyb-Ins cost?

The cost of Cyb-Ins (premium) cannot be explicitly stated, as it depends on several factors. The premium (amount to be paid to the insurer) may depend on the following: type of industry, size of business, annual organizational revenue, history of security incidents, and the results of Cyb-Ins risk assessments.

According to AdvisorSmith (2021), the average cost of Cyb-Ins in the USA is USD 1,485 per year, with premiums ranging from USD 650 to USD 2,357 for companies with moderate risks and annual revenue of USD 1 million.

Requirements for Cyb-Ins

Most Cyb-Ins companies have requirements that their prospective clients would have to meet before their application could be accepted. These requirements once met, would help the prospective client (insured) to pay a low premium. The absence of such requirements may result in the decline of the application by the insurer, or payment of a high insurance premium.

Prospective clients may be expected to have the following controls in place: multi-factor authentication, regular staff training, and awareness, effective management of third parties, encryption of data, testing of incident response plans, conducting regular vulnerability assessment and penetration testing, deployment of endpoint detection and response solutions, secure remote access to company systems, regular testing of backups, management of privileged access, patch management and management of end of life systems.

It must be noted that the requirements may differ from one insurer to the other.

Benefits of Cyb-Ins

The benefits of Cyb-Ins include the following:

Saves cost: It helps save organizations huge sums of money in the long term. Considering the huge cost and fines associated with cyber-attacks and data breaches, Cyb-Ins will help cater to such costs.

Ensures faster recovery: It helps organizations to quickly recover from cyber security incidents. With the needed support (expertise, logistics, or financial) provided by insurers, organizations can quickly resume their operations within a tolerable period.

Provides competitive advantage: Having a Cyb-Ins policy provides an organization with a competitive advantage. Prospective clients and partners may prefer to do business with such an organization than an organization without a Cyb-Ins policy.

Helps meet requirements: It helps organizations to meet their regulatory and contractual obligations, in instances where it is required by a regulator or agreements to have a Cyb-Ins policy in place.

Helps prevent cyber-attacks: Some insurers are keen on helping their clients in preventing cyberattacks through pre-breach services. Such services may include the provision of the following: training and awareness, cyber security products and services at discounted prices, cyber security intelligence, advisory and cyber experts.

Challenges of Cyb-Ins

Despite the benefits, Cyb-Ins also has some challenges. The following are some of the challenges:

Expensive: Due to the rampant and ubiquitous nature of cyber-attacks, the premium for Cyb-Ins has become very prohibitive for some organizations.

Provides a false sense of security: The insured may have a false sense of security. Cyb-Ins is not a silver bullet to prevent and recover from cyber-attacks. The insured ought to know that they may not even get any form of support when an incident occurs. It is an onus on the insured to be proactive and not rely solely on the insurance.

Coverage limitation: No single Cyb-Ins policy would be able to cover all cyber security incidents or breaches. All Cyb-Ins policies have limitations in terms of coverage and payouts. Hence an insured may have to take care of some aspects of an incident when it falls outside the scope of the agreement.

Embolden cyber criminals: With insurers paying the ransom on behalf of the insured, this can increase the spate of ransomware attacks. Since the ransomware attackers know, they would get paid for their ransom, they will always be encouraged to ply their trade.

Intricate coverage terms: Some Cyb-Ins agreements are very complicated for easy understanding. Some need cyber security experts and lawyers to provide interpretation. It may provide dire consequences if the agreement is not gotten right ab initio.

May not get payout: Due to the preceding point and among other things, the insured may not get a payout (what the Insurer needs to pay in case of an incident) when an incident occurs. There have been instances where the insured have dragged insurers to court to demand payouts. Examples of such cases include SS&C Technologies vs AIG, Mondelez vs Zurich, and SJ Computers vs Travelers.

Conclusion

Deciding on whether to subscribe to a Cyb-Ins policy depends on several factors, which have been discussed in this article. It is left to the organization to weigh the pros and cons and make that determination. It is extremely important to engage the services of information security or cyber security professionals and lawyers in the process of subscribing to the Cyb-Ins policy. Getting it wrong from the start may cost your organization a huge loss in the future.

Author: SHERRIF ISSAH, Information Security Governance, Risk and Compliance Professional | Director of Communications, IIPGH

For comments, contact author mysherrif@gmail.com | +233243835912

Source: iipgh.org

RANSOMEWARE ATTACKS: To Deal Transparently And Pay The Ransom or Not To Pay

According to Wikipedia, the generic meaning of the word ransom is the payment made to a captor for the release of a captive (person) or a valuable. This meaning does not differ in the world of cybersecurity since the concept remains that a captor (cybercrime actor) captures the data belonging to an organization or person by using specialized software tools (ransomware) to encrypt the data or by modifying the access path to the data so that the legitimate owner of the data is denied access to it either in full or in part and sometimes to exfiltrate the data. In most cases, the motivation of these cybercriminals is to demand the payment of ransom to them by the owners of the system or data.

The dilemma

The dilemma then arises whether to pay the ransom and have the data decrypted/retrieved or not to pay the ransom and lose the data permanently. Again, is there a guarantee that once the ransom is paid to the attackers, the data will be decrypted, and the attackers will stay away from launching further ransomware attacks? While addressing this dilemma, the ethical consideration of the cybersecurity profession must be highly esteemed. This leaves CISOs (chief information security officers) with the challenge of adhering to the ethical standards of their profession, ` which in most cases discourages the payment of ransom to cybercriminals and the need to retrieve the lost data for their organization.

The growing ransomware trends

One of the worst launched ransomware attacks in recent time (2017) which spanned across industries and continents was WannaCry, which when launched blocked user access to files or systems, holding files or entire devices hostage using sophisticated encryption technologies. Over $500million was estimated to have been paid in ransom to the attackers, thus making the crime of launching ransomware attacks a rather lucrative venture. According to Helpnet Security, there were nearly 293million ransomware attacks in 2021, see fig 1. This is an increase of about 134% of the attacks in the previous year 2020. STATISTA depicts a similar ascending scenario between 2016 and the first half of 2022. However, according to statista.com, the number of ransomware attacks/incidents recorded in 2016 is higher than those recorded in successive years as shown in fig 2. This they explained was due to a lack of investment in tools that could prevent these attacks or a lack of sufficient awareness of the trend among ICT professionals.

Figure 1 Ransomware attacks between 2017 and 2021

Fig. 2: Ransomware attack trends according to STATISTA 2022 report

Should data breaches be handled transparently?

Whether or not the handling of data breaches should be made transparent such that affected user groups realize the breach depends on the industry in which the victim organization operates. With the LockBit ransomware attack launched on Accenture’s network, the crime actors had already published some of the stolen proprietary information on their websites thus the customers of Accenture were already previewed to the attack hence the handling of the attack could best be done transparently to allay the customers’ fear. For our Ghanaian setting, if the attacked victim organization is in the FinTech or banking industry, it will not be ideal to handle the attack transparently since this could lead to panic withdrawal and consequent potential collapse of the affected victim organization. This is premised on the fact that the technology acceptance readiness level of most Ghanaians is not fully fledged, hence there is still a lot of doubt in the minds of people about the security and safety of their digital assets and investments. Hence, the need for the exercise of full disclosure should be looked at with much care.

In the fast spate of global digitalization, more people and organizations are adopting and adapting to the use of digital and online platforms to improve their business processes. More data is being stored on cloud platforms than ever in history; thus, there is a rather sharp increase in the patronage of digital solutions. Owing to this, and the trend depicted in the graph in fig.1, there will undoubtedly be more occurrences of ransomware attacks since cybercriminals are finding it more rewarding. The time to nib this menace in the bud is now. All cybersecurity professionals must reconsider advising their organizations to paying these ransoms and rather invest these monies in building more complex solutions to defend their company’s digital information. This will serve as demotivation for cybercriminals.

Should ransom be paid?

Regarding payment of ransom, the only advantage is that the organization stands the chance of retrieving its stolen data either fully or in part, though this sometimes is not guaranteed. In the heat of the breach, the focus of most victim organizations is to retrieve the data as soon as possible to ensure business continuity other than reinventing the wheel to rebuild the data. However, the aftermath of the breach after the ransom payment presents more disadvantages for posterity. One such disadvantage is that more criminals are going to find it more rewarding to develop ransomware and to launch more such attacks on other organizations, especially those with huge balance sheets. In a nutshell, payment of ransom comes with immediate but temporary benefits and a long-term disadvantage to other organizations or individuals.

Finally, it is my candid view that a victim organization must consider dealing transparently with cyber criminals regarding a launched ransomware attack. This should be a strategy intended to cause the criminals to compromise so that as much support as possible could be received in order to retrieve the lost/stolen data. The transparency should, however, be limited only to the breached data. Again, transparency should be considered with discretion such that in the process of engagement, the criminals will not get the impression from the onset that the victim organization will refuse payment of the ransom since this could cause the criminal to destroy the data entirely and walk away. Ransom should not, under any circumstance, be paid to any cybercriminals.

Conclusion

In conclusion, a ransomware attack is a threat to the global ambition for digitalization being spearheaded by the United Nations under its Sustainable Development Goals. The persistence of such attacks, especially in the growing era of digital currency and ecommerce, could defeat customers’ confidence in digital solutions, especially in financial transactions and in protecting personal data. Hence, I advise organizations to create backups to safeguard them against breaches in the event of ransomware attacks other than rushing to pay a ransom, thus creating jobs for cybercriminals. Remember, any ransom you pay feeds a hungry cybercriminal.

Author: Elolo Alfred Konglo | Ag. Head, ICT Infrastructure, Directorate of ICT, Ho Technical University | Regional Communication Director, IIPGH, Volta/Oti

For comments, contact Email: ekonglo@htu.edu.gh or Mobile 0244304540 or 0572089098

Source: iipgh.org

Application of Legal Technology: Critical evaluation of some use cases 3

Under conditions where there are limited resources, some AI-powered solutions may be ideal to be employed to be used to promote productivity, bridge the gap in resources, and still provide excellent and efficient services to their clients. In this third part of the application of legal technology series, we shall discuss some more AI-Powered solutions for firms.

LexisNexis or Lexis+, over the period, have continuously afforded small and mid-size law firms with limited access to resources a go-to legal research platform, thus through an integration of the content and tools needed to aid an efficient and thorough legal research. Its cutting-edge technology allows lawyers to uncover opinions, identify cases, and connect cases that may otherwise have been overlooked. It also aids in providing lawyers insights on judges, lawyers, law firms, and courts so they can use well-researched data, and have an advantage in making superior fact-based arguments. Its inherent ability to unearth cases and put them online quicker gives it an advantage over other solutions. It applies a combination of machine learning and natural language processing. It also helps firms with limited resources to have an estimation of the litigation timeline for a case before a specific judge or courts and even determine the appropriate venue that may suit their client’s case. They can also assess their opposing lawyer’s abilities in similar cases and design a litigation strategy to pursue their case.

Kira Systems is another AI-powered solution that aids in executing a more accurate due diligence review on contracts via searching, highlighting, and extractions of relevant content for analysis. It also allows continuous reviews by other team members using extracted information with links to the original source. It is estimated that this AI completes tasks up to 40% faster for first-time usage and up to 90% for those with experience using it. This AI uses patented machine learning for the identification, extraction, and content analysis of the contracts and documentation fed to it. This patented AI can extract concepts and data points at high-efficiency rates and accuracy, which either was not possible with traditional rules-based systems. Aside from its patent, its quick study, partner ecosystem, built-in intelligence, and adaptive models make it uniquely different from the rest.

Lawdroid AI, a chatbox AI, can be used by firms with limited resources. Amanda Caffall, Executive Director, The Commons Law Centre, stated that LawDroid helps our non-profit start-up law firm, sort the vast unmet market for legal services into people we can help and people we can refer to other resources, saving us precious time while enabling us to make much-needed referrals. They are mainly hosted on the websites of the law firm and make them available to potential clients 24/7. Using videos and responsive conversations creates and builds trust with potential clients and captures their information as new leads for the firm. It also allows having an in-depth knowledge of your clients to make data-driven decisions. Using some conditional logic, it can intelligently create robust documents gathered from clients. Firms can scale up their expertise and services and charge for self-serve legal documents, issue spotting and legal guidance whilst business is asleep. 

It applies natural language processing to readily provide answers to legal questions from clients it engages with. The 2020 Legal Trends Report found that 79% of potential clients expect a response within 24 hours of reaching out. Thus, Lawdroid and another chatbox AI come in handy to respond to this need in seconds. Overall, Lawdroid AI helps to save time and money, and improve efficiency and profitability whilst providing an efficient customer service experience and satisfaction.

Data is one of the limitations. AI-powered solutions use machine learning, deep learning, neural networks, and natural language processing. These feed on big data to help train the AI model to power the solution. For example, with machine learning, patterns identified by humans may not have been detected easily. The patterns are detected based on the training data available and may not know other existing patterns outside the big data used in training them. Thus, the data may be very accurate or complete but still lack the contextual patterns that may exist outside the training data. Thomas Redman in his article titled, ‘If Your Data is Bad, Your Machine Learning Tools Are Useless’, explained that to train properly a predictive model, historical data must meet exceptionally broad and high-quality standards.

First, the data must be right: it must be correct, properly labeled, and so forth. But you must also have the right data–lots of unbiased data, over the entire range of inputs for which one aims to develop the predictive model. Shlomit Yanisky-Ravid and Sean Hallisey on Equality and Privacy by design indicated that the key attributes of data are volume, velocity, variety, and veracity. On veracity, they argued limitations arise based on the deviation of the data from the real world. Thus, where a selection bias existed, the training of the model will not exhibit the actual condition due to errors in sampling data. 

Also, AI for predictive analytics is limited by unavailable data. Nate Silver also reiterated that a lack of meaningful data is one of the two principal factors that limit the success of predictive analytics. Another limitation on data is that, where the AI-powered solutions perform predictive analytics, most of the data it relies on are in their generic nature, factual distinctions between these cases are therefore difficult to track.

The design also introduces its limitations to the AI-powered system. In modeling an AI-powered solution; the human element is very critical. This makes the AI susceptible to human biases from the design stage. Kate Crawford wrote that 

“Like all technologies before it, artificial intelligence will reflect the values of its creators. So, inclusivity matters–from who designs it to who sits on the company boards and which ethical perspectives are included. Otherwise, we risk constructing machine intelligence that mirrors a narrow and privileged vision of society, with its old biases and stereotypes’’. 

This perfectly highlights the possibility of bias in the design stage, which replicates the model created, thus churning out a biased outcome. Kleinberg et al. identify three design choices that can lead to algorithms operating in a discriminatory manner: the choice of output variable; the choice of input variables (candidate predictors); and the choice of the training procedure.

These solutions would have some limitations if the data fed it is not updated to reflect changes in the requisite laws, policies, or regulations. An example is a rule-based AI solution relying on repealed law to still give automated answers and decisions to clients. Where there are changes in the regulations but not updated in the solution, the outcome churned out will be wrong. Accountability cannot be said to be a limitation but can be characterized as a limitation of the system of governance.

On the limitation of bias and legal ceiling to be applied, with proper regulation, algorithms can help to reduce discrimination. But the key phrase here is “proper regulation,” which we do not currently have. If properly designed and used, algorithmic systems can be used to effectively demonstrate bias in human endeavours and, therefore, be a positive force for equity. Brian Sheppard on trade secrecy in AI tools indicated that secrecy makes it harder for consumers to realize the full benefits of a competitive marketplace. Thus, further regulation around the development of AI systems will have enormous benefits for lawyers.

In conclusion, AI-powered solutions in their diverse ways have impacted the legal industry positively as stated in this and previous articles, per their unique contributions towards efficiency, operational strategy, and excellence and the profitability of the legal firms that employ their use.

Author: Ing. Bernard Lemawu, BSc Elect Eng, MBA, LLB, LLM Cand. | Member, Institute of ICT Professionals Ghana

For comments, contact author ghwritesblog@gmail.com

Application of Legal Technology: Critical evaluation of some use cases 2

 

As a continuation of last week’s publication, this part focuses on some use-case applications of artificial intelligence in the legal field. These are sample AI-powered solutions currently in use in some jurisdictions.

AI-powered solutions rely on the above technologies discussed. These solutions are very critical to the legal industry today. Micheal Mills, in his article, Artificial intelligence in law: The stage of play 2016, remarked that a search on ‘artificial intelligence in law’ produced 86,400 results from just the news section of Google’s vast index. Subsequently, 32.8 million results from the web and from videos, almost 261,000. Again, according to Wolters Kluwer’s 2020 Future Ready Lawyer Survey, 58% of legal departments expect AI to affect their organization over the next three years, with 82% of corporate legal departments expecting a greater use of technology to improve productivity over the course of the next three years.

Indicatively, AI-powered solutions have permeated almost every part of the legal service delivery industry today, helping law firms to be more efficient, and providing quality service at great speed and accuracy. Some of these AI-powered solutions are Luminance, Lex Machina, Relativity, Contract pod AI, Clarilis, Premonition, Thomson Reuters, Clide and Co, App4Legal, Kira, Leverton, eBravia, COIN by JP Morgan, ThoughtRiver, LawGeex, Legal Robot, Lawdroid, and Ross Intelligence to name a few.

Law firms naturally have some constraints on resources in most cases. Resources here would suffice for the availability of lawyers, the financial strength of the firm, and the time available per count of lawyers. It may also further include other logistical needs like office space for the library et al. For a law firm, therefore, to promote efficiency in its organization with no resourcing needs requires the firm to make good use of its resources, especially lawyers and time. An efficient law firm promoting efficiency will be profitable. I will recommend AI-powered solutions that provide the following services, i.e., legal research, contract review and management, document review, predicting legal outcomes, and more.

AI-powered solutions for firms to promote efficiency with no resource issues will include Luminance AI, which provides for automated contract drafting, negotiation, and review, end-to-end eDiscovery (from investigation to litigation), and the spectrum of contract review projects. These legal services are very time-consuming tasks that most times impact service delivery. Luminance AI, using Natural language processing and machine learning as discussed previously reads, and forms some conceptual understanding of the documents fed to it in any language to augment tasks ranging from a review of initial contracts to automatically flagging anomalies within the contract, and further bringing into the limelight areas of non-compliance needing to be remedied.

It can hierarchically assign workflows and perform some low-level task automation, freeing up critical resources for strategy formulation, analysis, and advisory roles. The amalgamation of all these leads to efficiency and productivity. Luminance AI applies Natural Language Processing and pattern recognition, combining both supervised and unsupervised machine learning. Using unsupervised learning, its e-discovery abilities aid litigators in identifying hidden and incontrovertible evidence amongst mountains of irrelevant materials. The more lawyers use this AI-Powered solution, the more they can understand such patterns of lawyers, thus becoming more intelligent and become customized for each lawyer’s needs. Luminance has now seen and analyzed over 100 million documents in over 80 languages across hugely diverse fields of law, from non-potential risks, anomalies, or contentious issues are surfaced when using Luminance’s AI to draft and review documents. Thus, the attribute of this solution promotes efficiency.

Second, Ross Intelligence is another AI-powered solution suitable for such an organization. Diligent legal research is very critical to a law firm’s efficient utilization of its resources. The valuable attribute that goes into thorough research can be very daunting for law firms. Similarly, Ross’ intelligence applies natural language processing to ask relevant questions and receive information on related case laws and other tertiary resources. Most firms using Ross Intelligence have seen significant improvement in their efficiency ratings. Baker Hostetler is an example, having used the software to work on 27 terabytes of data, with a Forbes report describing Ross’ function in the law firm’s operations: Ross will be able to quickly respond to questions after searching through billions of documents. Using NLP and machine learning, it performs the following tasks, i.e., question-based search, finding similar language constructions, document analysis to ensure arguments are bulletproof, question-focused case overviews, and case treatments to avoid bad laws.

ThoughtRiver AI is another solution that leads to efficiency in law firms. Some use cases are in contract negotiations, contract review, and contract self-service. Using Artificial intelligence produces some level of visualization of potential risks through the scanning and interpretation of written contracts used in commercial risk assessments. This solution decentralizes contract review and negotiations, aiding firms to do more with less, thus increasing efficiency. It also helps reduce risk and increases compliance against the same legal policies. Lawyers can therefore do more in less time, by delegating transactional work to the business and actively reducing the need to engage with outside counsel. Also, it is estimated that about 50% savings are made on time for reviewing and approving contracts and because lawyers can now do more, as well as sales and procurement teams are enabled to review contracts themselves, a lot more business is executed at a reduced cost.

Premonition AI is another AI-powered solution that focuses on legal analytics and courtroom data insights. Using both supervised and unsupervised learning, as well as deep learning technologies, it deeply on real-time court monitoring with a far-reaching coverage larger than lexiNexis, Bloomberg, and Thomson Reuters combined. It has advanced filtering capabilities of reading over 50,000 pages in under a second. To assign lawyers to specific cases, Premonition AI aids in accessing the lawyers based on their litigation experience, case types, performance (regarding their overall, case type, judge, and client) as well as duration on the same metrics. It, therefore, allows for the efficient allocation of resources available to the firm. It also performs predictive analytics using machine learning and deep learning tools to comb through the millions of volumes of cases cutting across the hierarchy of the courts and judges, to arrive at near accurate predictions on new cases, provide counsel and decide strategies for case management. Decisions arrived at based on its algorithms are data-driven and cut across tons of millions of data records, beyond a lawyer’s own biases and anecdotal experiences. This leads to efficiency within the organization.

Author: Ing. Bernard Lemawu, BSc Elect Eng,MBA,LLB,LLM Cand. | Member, Institute of ICT Professionals Ghana

For comments, contact author ghwritesblog@gmail.com

Source: www.iipgh.org