The National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) recently issued a joint letter urging the legal profession to stop advising clients to pay ransom demands following a ransomware attack. The letter emphasised how paying ransoms exacerbates the broader ransomware threat, incentivising further cyberattacks and failing to guarantee the return of stolen data.

To avoid the temptation of paying up, legal firms have a role to play in translating the value of proactive cybersecurity solutions to their clients and emphasising the critical need for multiple security controls to help prevent cyberattacks and minimise business disruption in the event of a successful breach. As stated by Paul Philip, Chief Executive of the Solicitors Regulation Authority, “It is in everyone's interest that firms take all reasonable steps to protect themselves and their clients, all the more so as innovation and increased use of IT make information security a priority.”

While there is no one ‘silver bullet’ to complete cybersecurity protection for firms and clients, there are a number of security solutions that can be hugely effective when implemented in tandem.

To Pay or Not to Pay?

Ransomware is a type of malware which prevents a user from accessing their device and the data stored on it, usually by encrypting its files. The criminal group who deployed it then demands a ransom in exchange for decryption. The NCSC’s CEO has called it the “biggest online threat to the UK”, while new research from Microsoft has revealed a rise in ransomware-as-a-service (RaaS) attacks. This is particularly concerning as RaaS essentially democratises ransomware and enables criminals with little to zero technical know-how to launch malware. In this cyber climate, any business, small or large, across all industries, is at risk of a devastating data breach.
What is crucial to reiterate is that paying ransom demands following an attack does not ensure the safe return of stolen data, nor does it constitute a positive resolution

Why Legal Clients Should Never Pay Ransoms

Tom Keya, Founder, Soulh, 71-75, Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, www.tomkeya.com

Special Feature

Cybersecurity has quickly become one of the legal sector’s foremost concerns. In particular, ransomware attacks can pose a major threat to clients due to the sensitive information that is necessarily retained during business. Lawrence Perret-Hall, director at CYFOR Secure, discusses the importance of refusing to pay up in the event of a ransomware attack and how a combined, proactive cybersecurity strategy removes the temptation to pay.

Lawyer Monthly, October 2022