Legal firms are a top target for cyber attackers according to a new report
Legal firms are a prime target for cyber attackers due to the sensitive client information and funds they manage. In particular, conveyancing solicitors should be vigilant as property transactions are well known targets for cybercrime. That’s according to the latest report from the National Cyber Security Centre (NCSC).
The report was created for senior decision makers in the legal sector, with the aim of boosting industry-wide adoption of cybersecurity best practice.
The NCSC findings show that cybercriminals have stolen more than £11m of client money in the past 12 months. What’s more, 60% of legal firms reported attacks in 2017; up from 42% in 2014.
‘The cyber threat to UK legal sector’ sheds light on the current cybersecurity threats facing legal firms, and includes high-profile case studies such as the Mossack Fonseca data breach and the DLA Piper ransomware attack.
According to the report, the level of cyber risk faced could be greater for firms that advise sensitive or controversial clients, as well as those that work in locations that are hostile to the UK. Indeed, while the primary threat to the UK legal sector remains criminals with a financial motive, the report warns that governments are likely to play an increasingly significant role in cyber-attacks as they seek to gain the strategic and economic advantage. At the same time, the report stated that there is a growing threat from “hacktivists” who target law firms to achieve political, economic or ideological ends.
In 2018, three of the most significant cyber threats are phishing, data breaches and ransomware. These findings back up an earlier study which found that 99% of UK law firms are vulnerable to email fraud. The earlier analysis, which looked at the security practices of 100 top firms, found that only one organisation had adequate measures in place to protect against email scams.
However, help is at hand for the sector. For example, Lawyer Checker – which provides technology and products to help safeguard lawyers and consumers has recently launched a DMARC service to help firms to secure their email effectively.
According to the NCSC report: “Like all businesses, law firms are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. Losing access to this technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating, both financially and reputationally, not only for the firm but also its clients.”
Developed in partnership with the NCSC Industry 100 scheme and the Law Society, in addition to highlighting the cyber risks, the NCSC report also includes a range of practical advice for firms that want to put robust protections in place. IT leaders across the sector are being urged to implement this guidance.
Christina Blacklaws, President of the Law Society, added: “In the post-GDPR world and as the sector delivers and transacts more online, it is vital that we get a common view and understanding of cyber threats and their impact. The Law Society sees this report as a
positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.”