You'd imagine, perhaps logically, that committing a crime under the nose of legal professionals isn’t so much playing with fire as it is leaping face-first into the flames. Yet the logic of your average cyber criminal is far removed from our own, and when it comes to the legal sector it - like any other industry - is fair game to all of them.
It's a risky move, but for cyber criminals it’s also a lucrative one. The payoff of any major attack is always that ever-valuable data, and the legal sector is swimming in the stuff; sensitive, confidential, and incredibly valuable for those dabbling in its illicit trade. Imagine the price that someone would pay for previously undisclosed trade deals, or the potential ‘dirt’ on a witness or defendant.
The Law Society last explored the biggest threats to the legal sector in a 2018 survey, discovering that the industry is becoming increasingly susceptible to attack. 52% of firms claimed to have successfully detected an attack, of which the most common were:
Phishing emails (81% of affected firms)
Spoofing (53% of affected firms)
Viruses and Malware (47% of affected firms)
Within the law sector, as with many other industries, phishing and spoofing are the cyber criminal’s most relied-upon methods for data breaches. As they are some of the easiest attacks to orchestrate, this isn’t too surprising, and while phishing and spoofing are far from foolproof, they target such a broad range of victims that they are, eventually, successful.
The prominence of malware is a little more troubling. While it is often distributed via phishing and spoofing attempts - both of which can be avoided with the right training - it can often take little more than clicking a malicious link to see it infecting a user. Uncontrolled, it can then slowly affect servers and entire networks, compromising the security not only of the victim but the entire workforce of a firm – not to mention their clients.
The nature of a law firm’s work is no deterrent for a cyber criminal – if anything, it only makes its sensitive data too valuable to pass up. That they can still get results from some of the crudest, most easily orchestrated attempts proves the law sector is no more immune to attack than any other small to medium business.
Thankfully, it’s much easier to defend against these attacks than it is to orchestrate them. Regular Phishing and Security Awareness Training ensures your workforce are familiar with the tactics of phishers and scammers – and, with a bit of luck, will make for much more encouraging statistics in the industry’s next security report. There are also the typical protections that no infrastructure should be without – including firewalls, antivirus software and a dedicated Disaster Recovery solution.
At Mirus, we're specialists in IT infrastructure, services and security, with solutions to suit all small to medium businesses – whatever their industry. Get in touch today for a Free Cyber Security Assessment, without obligation, or to ask about our Phishing and Security Awareness Services.
If a data disaster befell your firm, could you recoup the damage done to your sensitive and confidential data?
Our eBook, Data Security and Disaster Recovery for the Law Firms, covers the threats, consequences and solutions for a crippling data disaster. Download your copy here.