Legal Sector & Cyber Security Awareness Month #besmarterthanahacker
The legal sector holds a lot of sensitive data, and all of it is of interest to cyber-criminals. The risk is demonstrated by 75% of all firms contacted by the Solicitors Regulation Authority (SRA) for their Thematic Review 2020 saying they had been targeted by a cyber-attack. Over 80% of all attacks arrive over email. Just this week the NCSC has urged firms to strengthen their cyber defences and published a Cyber Threat Report for the legal sector. During Cyber Security Awareness Month we look at why, and how you can be #smarterthanahacker.
Firms have responded with increased investment. PricewaterhouseCoopers’ (PwC) Annual Law Firms’ Survey 2022 found that there had been a significant increase in cyber security spend within the largest firms (50 – 79%), but spend still only stood at between 0.3% and 0.5% across all firms. The survey also identified a skills shortage hampering the development and implementation of effective cyber security strategy.
When you think that a successful breach may cause a financial loss (including loss of billing time), a reputational loss and potentially large fines from regulators, it is a surprise that overall investment levels are so low.
Take the 2017 DLA Piper ransomware attack:
- 2 days with no access to work emails or telephones, with complete access not fully regained until up to 9 days later. That’s a shed load of fees lost.
- Over 15,000 hours of IT overtime paid out.
- Insurance brokers estimated costs would run into ‘the millions’.
Looking ahead, emails will likely remain the biggest threat, but impersonation attacks, especially with the help of deepfakes and AI, could rise as the costs of application drop.
What should law firms be doing to protect themselves? Here are five things as a start.
- The organisational culture needs to be open and no-blame, with senior leadership fully behind a security-first approach and treating cyber security with the seriousness it needs.
- Train staff so they know what to look out for and, because of your open culture, will tell you when they have made a mistake.
- Make it harder for criminals by adopting secure passwords for all, along with Multi-Factor Authentication (both available from WatchGuard).
- Do a Cyber Risk Assessment. You will know what your current risk posture looks like and what you need to do, and at what cost, to get to good, better, or best depending on budgets and need.
- Have regular penetration tests done, and don’t use your IT provider. Whatever the scope you decide on it is better done by an independent 3rd
We are WatchGuard Gold Partners. WatchGuard provides security from the network to the endpoint and, if you have all their solutions, SIEM-like intelligence informs and helps to protect your sensitive data.
Sources
Cyber Threat Report: UK Legal Sector (ncsc.gov.uk)
SRA | Cyber Security – A thematic review | Solicitors Regulation Authority
Annual Law Firms’ Survey 2022 – PwC UK (Download leaving details)
DLA Piper still struggling with Petya cyber attack | Financial Times (ft.com)
DLA Piper paid 15,000 hours of IT overtime after NotPetya attack – Security – iTnews