The threat of cyber crime is nothing new to the legal sector. But in recent months worrying signs have appeared that the attacks are becoming more sophisticated and sustained, with new targets finding themselves in the criminals’ crosshairs.
Firms undertaking conveyancing continue to be targeted due to the potential to divert large funds, but now the attack surface is widening, with those firms holding large amounts of sensitive client data finding themselves under attack.
Phishing and email modification frauds still tend to account for the majority of reported attacks, often with the sole aim of deploying ransomware, which will allow criminals to lock firms out of their own systems and steal information.
Vulnerabilities in your supply chain
Growing awareness of the problems of doing business in the digital age, compounded by the need for remote access from a hundred or more home offices, has ensured law firms typically dedicate time, resources and effort to strengthening their defences.
In response, criminals are seeking weak points in the supply chain that supports law firms, from third-party service providers and print management companies to managed service providers and other less well-protected law firms. A successful attack on one of these can grant access to an apparently well-defended firm.
Of course, some attacks are not immediately obvious. Criminals can scour systems for sensitive data and ways into other connected systems without triggering a defensive reaction from the attacked host, which carries on business as normal, connecting to clients and suppliers in the process.
And no matter how much effort you as an organisation put into your security, the sheer number of attacks currently under way significantly increases the risk that your business will succumb.
This means that once a successful attack is identified, immediate action is imperative, as the attackers are amplifying their efforts by looking beyond single machines and trying to lock up the victim’s backups too.
Worryingly, there has also recently been an increase in double extortion campaigns. Data is first exfiltrated and then encrypted, which provides the attackers with further leverage should an organisation refuse to pay their ransom demands.
The attackers are aware of the reputational damage any release of sensitive data could result in, to say nothing of the compliance fines and competitive disadvantage. Imagine the damage caused by stolen data containing new IP from a technology client being released onto the internet.
Not only are attackers stopping a firm from using its hardware, but if a disaster recovery (DR) process is initiated, the criminals now put a figure on not releasing the data they hold, let alone letting the firm use it again.
Whether you manage your own infrastructure or leave it to a managed service provider, cyber security must be your number one ongoing technology priority. Whatever point you have reached in your digital transformation, please consider the following:
- Regular penetration testing, targeting technical infrastructure and staff members via phishing emails. External and internal testing as a minimum, and if you have any web apps, these should be tested as well
- Automated phishing simulation and training
- Regular vulnerability scanning
- 24/7/365 Security Operations Centre (with EDR and SIEM)
- Implement Multi-Factor Authentication (MFA) on any public services, Citrix, emails, third-party portals, etc.
- Password manager to ensure everyone uses appropriate passwords, without re-using them
- Mimecast
- RADIUS authentication on Wi-Fi – coupled with Duo for MFA on Wi-Fi access
This all comes at a cost, but the chances are increasing daily that you will be successfully targeted. It might be significantly cheaper to protect yourself now rather than pay a ransom or have to placate angry clients after their data is splashed all over the internet.