The National Cyber Security Centre (NCSC) has published its first report into the cyber threat to the UK legal sector. The highlights of this document were presented at the recent UK Legal Sector Breakfast Briefing on the 19th July.
Ciaran Martin, Chief Executive Officer of the NCSC, introduced the report: “Like all businesses, law firms are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. Losing access to this technology, having funds stolen or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also their clients.”
The NCSC Cyber Threat Assessment for the UK Legal Sector report highlights the following:
£11 million of client money stolen in 2016-17
Reported by the Solicitors Regulation Authority (SRA), this figure emphasises that the financial and reputational impact of cyber attacks on law firms is significant. The costs arise from the attack itself, from remediation, and from repairing reputational damage by regaining public trust.
What makes law firms attractive to cyber criminals?
Law firms hold sensitive client information and handle significant funds, both of which are key enablers in commercial and business transactions. The risk to these assets may be greater for law firms that advise particularly sensitive clients or work in locations that are hostile to the UK.
Who are the attackers?
The primary threat to the UK legal sector stems from cyber criminals with a financial motive. However, nation states are likely to play an increasingly significant role in cyber attacks at a global level, to gain strategic and economic advantage. There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.
Phishing is the biggest threat
The report highlights that phishing, ransomware and supply chain compromise are the top three concerns for law firms. Phishing is the most common and is particularly prevalent in areas of practice such as conveyancing. A recent Law Society poll of law firms showed that approximately 80% have reported phishing attempts in the last year. Its combination of relatively low cost, low technical effort and high reward makes it a popular and lucrative method for cyber criminals. The amount stolen from law firms through phishing in the first quarter of 2017 was 300% higher than the previous year. The SRA website details 110 scams against law firms so far in 2018. One of the NCSC Industry 100 law partners estimates that it receives over 11,500 phishing emails every month, across 5,000 staff.
How can law firms protect themselves?
The NCSC strongly recommends that all partners in a law firm review and implement its 10 Steps to Cyber Security best practice. It also recommends that smaller firms follow the advice in the Cyber Security: Small Business Guide.
Backing from the Law Society
The Cyber Threat Assessment for the UK Legal Sector report was created in collaboration with major law firms working under the NCSC Industry 100 scheme and the Law Society.
The importance of cyber security was reinforced by Christina Blacklaws, President of The Law Society, in her statement: “As data controllers, law firms handle significant volumes of confidential and sensitive information and client monies as part of their daily work. In the post-GDPR world and as the sector delivers and transacts more online, it’s vital that we get a common view and understanding of cyber threats and their impact.”
About Wizard Cyber
Wizard Cyber is dedicated to helping law firms mitigate the risks associated with malicious or accidental cyber attack. We are a trusted supplier to many UK law firms and deliver 24/7 outsourced cyber security via our flagship range of CYBERSHIELD-MDR services.