Lawyer Monthly Magazine - February 2019 Edition

FEB 2019 18 Special Feature www. lawyer-monthly .com Law Firms Must Evolve Their Cyber Strategy to Survive Cyber attacks have become a serious concern for all types of businesses today, but the legal sector has more to fear thanmost. Their business model is based around trust and confidentiality, which means a breach can deal a fatal blow to their reputation; trust is hard earned but easily lost. Although law firms understand the importance of client confidentiality perhaps more than any other industry, they can also be target for sophisticated attacks from criminals looking to infiltrate the network and gain access to the highly confidential client data in their care. In many instances it will be easier for a cyber-criminal to target the law firm than the client directly. Adequately preparing for cyber threats has proven to be a difficult challenge for many companies, and even the most secure organisations know it is a matter of when, not if, their defences will be breached. Law firms must approach this in the same way that they would advise their own clients; through robust risk assessment and mitigation strategies which not only strengthen their defences but also ensure they can recover quickly in the event of an incident. What are the biggest cyber threats facing law firms? Most companies that suffer a security breach are hit by attacks that go out to tens or even hundreds of thousands of different companies. The criminals behind these untargeted attacks will follow the path of least resistance, so if a company has stronger defences, they will ignore in favour of easier pickings elsewhere. Law firms however will be more likely to be targeted specifically by cybercriminals because of their clients and the high value data they hold. Targeted attacks are far more difficult to defend against, and tenacious criminals chasing a big payday will invariably be able to find a way to breach the network eventually. One of themost common tactics used in these targeted attacks is to go after a firm’s third-party connections, such as suppliers. Even if a firm has a decent amount of security in place, it By Malcolm Taylor, Head of Cyber Security at ITC Secure