Lawyer Monthly - November 2021 Edition

23 NOV 2021 | WWW.LAWYER-MONTHLY.COM

EXPLORING THE CYBER THREATS FACING LEGAL SERVICES

Common attacks

The main way hackers will breach legal firms is through email. Phishing techniques are now extremely sophisticated, able to trick an unsuspecting employee into clicking malicious attachments or links. As a relatively easy attack to pull off but highly lucrative, it is a popular method for hackers.

Business email compromise is one of the more serious types of phishing attack affecting legal firms. This involves the infiltration of a company’s email system where a hacker will then pose as an employee, usually in a position of seniority, and send emails to other employees, clients, or partners. The recipient sees the email is from someone seemingly legitimate, making it even more likely that they will act on what is being requested.

Often, a hacker’s success will rely on a mistake on the inside. Although there can be malicious ‘insiders’, it is usually someone who has been tricked by such methods as described above. A lack of training and cyber awareness can lead to legal employees being less vigilant around cyber risks like email or password security, making them more susceptible to these social engineering tactics.

Legal practices also make good targets for ransomware attacks as hackers know how valuable the data is, particularly when dealing with confidential cases, so they may demand a large ransom fee. However, firms are usually advised not to engage with a hacker in the case of a ransomware attack; often a hacker will still release the sensitive information because they know they can benefit financially elsewhere as well. Ransomware group Maze targeted five law firms in February 2020, demanded a $1 million ransom and still released stolen data online.

The Impact

These attacks can be detrimental to law firms. Data breaches can incur financial costs, be that in the form of an unfortunately paid ransom, regulatory fines, or business downtime because of the attack. Data loss can also have an impact on market shares, as seen in a recent attack on UK law firm Gateley. The legal sector is a lucrative one, and financial gain is the number one motivation for hackers, so it is not surprising that IBM have recently revealed the average cost of a breach for professional services to be around $4.65 million in 2021.

However, attacks are not only a financial burden, but can also severely affect a firm’s client relationships and reputation. If a legal firm experiences a data breach, this sends a message to their clients, partners, suppliers, and stakeholders that they are not a secure business and data held by them is not being protected effectively. Many may choose to terminate contracts, preferring to work with a legal practice that they can feel safer with. Reputation is arguably a more serious consequence than anything financial for the legal sector, as one serious cyber-attack can be associated with a firm forever,
