Some research by SecurityHQ has revealed the extent of cyber attacks in the legal sector. Out of 40 practices investigated, ‘75% reported having been the victims of a cyber-attack’ and for ‘23 of those that were directly targeted, over £4m of client money was stolen’. What makes this worse is that ‘Half of the firms were found to have allowed unrestricted use of external data storage media.’ reports the Solicitors Regulation Authority (SRA) Report.
Legal practises are built on their reputation and the relationships that exist between the company and its customers. According to Brian Inkster, founder of Inksters Solicitors, ‘In many ways, your reputation is your brand. It attracts people to the firm. From then on, every time you interact with a client, by living up to your ‘brand values’ you can confirm what they think and strengthen [or weaken] your reputation.’ (As stated in an article from Law Firm Ambition)
It is the reputation and the relationships that a legal practice depends on, that are frequently exploited. Compared to other industries, those within the legal sector have an elevated risk to cyber threats, primarily due to the confidential data and sensitive client information available if a breach is successful. And, because offices are filled with lawyers, and not IT teams, security is not often at the top of the priority list.
Who/What is Targeting the Legal Sector?
The Legal Services Global Market Report states that the industry is expected to ‘grow from $713.12 billion in 2021 to $788.94 billion in 2022 at a compound annual rate (CAGR) of 10.6%’. That said, it goes without question that the payoff of a successfully attack is substantial. Financial gain is at the heart of most attacks directed within the industry, with infiltration made via supply chain attack and ransomware/phishing attacks.
‘Supply chain, phishing, and ransomware attacks reflect a broader trend that cyber criminals want to exploit multiple organisations through a single point-of-attack.’ – Eva Velasquez, CEO, Identity Theft Resource Center (ITRC)
Legal practices hold a wealth of data that can be exfiltrated. Lawyers can’t afford to lose a single note on a case, so if data is stolen, they are more likely to pay the ransom or meet the demands of the threat group/attacker, as they have a lot to risk if the data is leaked.
Campbell Conroy & O’Neil P.C is just one example of the many legal practices hit by a ransomware attack in 2021. Following the breach, the company were unable to access files that were critical to their clients and contained personal information. In response to the breach, the legal practice issued this announcement regarding the information, which confirmed the gravity of the situation and the lack of knowledge surrounding the amount of information lost.
‘We cannot confirm if the unauthorized actor accessed or viewed any specific information relating to individuals. However, we determined that the information present in the system included certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e., usernames and passwords).’- Campbell Lawyers
What Companies Can do to Stop Ransomware Attacks
In a recent white paper on Ransomware Threat Landscape it was highlighted that ‘new ransomware strains are emerging to leverage fileless malware and data exfiltration tactics, while opportunistic attackers are using any change in circumstances to launch more effective campaigns.’
The Challenge – Conventional security tools, which detect only known cyber-threats using rules and signatures, are blind to evolving strains of ransomware for which such signatures do not exist. Security teams cannot keep up with these threats using traditional controls alone, especially when they are understaffed or out-of-office.
The Solution – Businesses must employ security technology that can stop ransomware as it emerges before it can do any damage.
For more insights from SecurityHQ, download their white paper here.