Why Legal Firms Are A Treasure Chest For Cyber Criminals
17 August 2017 14:06
All industries are a target for cyber attacks. From financial and manufacturing, right through to health services and charities, nobody is immune. Although, few sectors can boast a treasure chest as rich as a legal firm's -- and criminals know just where to find it.
The Growing Threat
When we say treasure, we mean it. Legal firms have a mountain of client data that cyber criminals are itching to get hold of -- and they're fighting off unprecedented attacks to keep this data out of their reach. The struggle is becoming even more tenuous given the widening availability of technology that is making these attacks possible. Take a look at Ransomware-as-a-Service (RaaS), and you'll find a severely damaging kit of malicious software that's available to anyone -- even the less tech-savvy people.
The recent WannaCry ransomware attack that hugely disrupted the NHS (as well as 200,000 computers in over 150 countries) was the latest big-news breach in the cyber world. Although the old "every cloud has a silver lining" saying might have just proven right with this one, as firms across the UK are deciding to step up their cyber defense strategies.
This is a good step to a much-needed stride for all businesses, although that silver line might seem rather thin for many law firms, as they are very much viewed as a growing target for current and future cyber attacks.
Like many industries, the digital age means that businesses in the legal sector are storing more and more data online. What separates law firms from many other organisations, is just how valuable the data is that they keep in their grasp. From a client's personal data, right through to intellectual property, cyber criminals are chasing their goal of monetising stolen data, and they know exactly where the treasure is hidden.
The Figures Paint A Daunting Picture
The most recent Natwest Legal Benchmarking survey found that 24% of 269 legal firms had experienced a fraud-related loss or cyber attack in the year ending April 2016. Add to that a PwC statistic, cyber attacks on law firms have increased by 60% in the past two years.
With these figures in mind, it's clear just how much cyber security needs to be the main priority for any firm. The repercussions of allowing easier access to a cyber criminal can, eventually, tarnish the trust between the lawyer and the client. The reputational damage can be catastrophic to a law firm, not to mention long-lasting. It's time for all legal firms to see data and client information not just as a product, but as one of their crown jewels in need of extra security.
The Threat Of Employees
Whether intentional or not, end users can potentially pose an even bigger risk to security than vulnerable computer systems can. After all, they have legitimate access to a firm's systems and can mistakenly (or intentionally) leak data, and there's a good reason why humans are seen as the weakest point in the security loop. They consume countless information from all kinds of sources, and the rise of human-targeted cyber attacks all provide serious risks.
Being duped into clicking on links that we deem safe from friends and colleagues isn't anything new -- but the techniques are changing. This provides an activation point for hackers to exploit weaknesses in a legal firm's computer systems. This along with not being up-to-date on security updates provides the hacker with the ability to take control and cause havoc.
Don't Fall For The Same Old Trap
The attack on the NHS exploited vulnerabilities in older versions of Windows operating systems and legacy applications that some hospitals were still using. This type of scenario is not too dissimilar from some law firm mergers, where across a whole firm there might be multiple operating systems or ways of working to support old legacy systems. Procuring long-term investment from the boardroom to upgrade systems remains a challenge.