The threat of cyber attack is becoming all too real for organizations across the country. With the recent high-profile attacks against companies including Target and Sony, many more executives are taking cybercrime seriously. “It has grown exponentially in the past five years, and the landscape has become quite competitive,” said Scott Vernick, a partner at Fox Rothschild who focuses on privacy, data security, and litigation. “When I started doing this ten years ago, I had trouble convincing people that this was something to pay attention to. Today, any self-respecting firm has a group.” However, even with the proliferation of high-tech tools to thwart would-be attackers, many experts agree training is the best way to keep sensitive information safe. Those in the medical field are particularly prone to attacks, many of which start with simple phone calls. By learning to identify red flags in training exercises, employees can avoid introducing malware into their systems. “A lot of protection is actually training,” says Sandra Jeskie, a partner at Duane Morris who focuses on litigation involving disputes over software and data breaches. “It’s not just a matter of throwing money at a firewall.”