The National Cyber Security Centre or NCSC of the UK found that cybercriminals stole a total of over $14 million from legal firm clients in 2016 thru 2017. Last year, about 60% of the country’s law firms reported info security incidents. This was an increase from 2016 by nearly 20%.
The CEO of the NCS, Ciaran Martin had this to say in the report:
“Like all businesses, law firms are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. Losing access to this technology, having funds stolen, or suffering a data breach through a cyber attack can be devastating, both financially and reputationally, not only for the firm but also its clients.”
The President of the Law Society, Christina Blacklaws, emphasized that the massive loss is due to the fact that legal firms are “attractive targets.” This is because their day-to-day work routine consists of the constant handling of client monies and sensitive client data.
Also in the NCSC report, the cybercriminals who target UK’s legal segment are “financially motivated.” Data breaches, phishing attacks, and ransomware attacks are the most significant cyber threats faced by legal firms and indeed this is not the first time this particular industry risk has been reported.
A quote from the NCSC report stated:
“A law firm’s supply chain can be compromised in various ways, for example through the exploitation of third-party data stores or software providers. Cybersecurity is all too often thought of as an IT issue, rather than the strategic risk management issue it actually is.”
The NCSC cautioned legal firms stating that when they’re storing extremely sensitive client data, if security protections are not appropriately implemented, the whole industry itself could be at risk of endangerment.
Efforts from both the NCSC and the cyber arm of the GCHQ collaborated on the report, as well as the legal segment and law enforcement organizations of the UK. The purpose of the report itself is to aim for the enhancement of the resilience and cyber maturity of law firms and to establish “best practices on cybersecurity across the industries.”
Please leave any comments you may have on this article below.
