According to The Cyber Threat to UK Legal Sector report, security incidents targeting UK law firms are on the rise. The 2018 report, which was published in order to “raise the cyber maturity and resilience of law firms”, states that “60% of law firms reported an information security incident in the last year, up from 42% in 2014”.
Why Are Law Firms A Target?
There are a number of reasons why law firms are targeted by cyber-criminals. Firstly, law firms hold large amounts of sensitive data, which hackers can steal and sell on the black market or use for other types of fraudulent activity.
Secondly, law firms deal with the transfer of large amounts of money, which hackers can intercept – through business email compromise (BEC), or other social engineering techniques. In more recent years we’ve seen a rise in the number of attacks that are motivated by politics/ideology.
For example, you may have heard about the “Panama Papers” breach, which was said to be the largest data breach of all time and included 11.5 million documents. The leaked documents were said to reveal how the wealthy and powerful use tax havens to conceal their wealth. While there is some discrepancy surrounding the cause of the breach, it has been suggested that it was either due to the firm failing to properly encrypt their emails, or because the hacker was able to gain access to a legitimate set of credentials and elevate their privileges in order to download the documents directly from the mail server. Either way, the damage caused to the company’s reputation was such that it was forced to close.
How Can the Legal Sector Improve Their Security Defenses?
To answer this question, a good place to start would be the recommendations laid out by the NCSC’s Small Business Guide, which includes tips for securely backing up data, protecting against malware/phishing, protecting mobile devices, as well as tips for using passwords to protect sensitive data.
Whilst following these steps will certainly give law firms a good base to work from, they will also need to keep abreast of the latest security technologies if they are to have the visibility they need to identify insider threats.
Security Technologies for the Legal Sector
These days it is no longer necessary for companies to adopt a full-blown SIEM solution to aggregate and correlate security events, as there is a wealth of specialized solutions which are leaner and more affordable.
For example, most Data Security Platforms focused on a DCAP (Data-Centric Audit & Protection) strategy can automatically track unauthorized/anomalous changes to access privileges, critical files/folders, mailbox accounts, and more. In the event that something suspicious takes place, a real-time alert will be sent to administrators, thus allowing them to conduct an investigation and take further action.
Some solutions allow administrators to automate a response to events that match a pre-defined threshold condition. For example, if a large number of files are encrypted over a short period of time, a custom script can be executed to stop a possible attack from spreading. This may include disabling an account or process, adjusting the firewall settings, or shutting down the affected server(s).
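The threshold condition described above can be sketched as a sliding-window counter over file audit events. This is an added example, not code from the article or from any product; the log format, the threshold of 5 changes in 10 seconds, and the `disable_account` hook are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; the article does not specify a threshold or window.
THRESHOLD = 5                    # file changes per account ...
WINDOW = timedelta(seconds=10)   # ... within this sliding window
WATCHED = {"modify", "rename"}   # actions that mass encryption generates

def parse(line):
    """Parse a constructed audit line: '<ISO time> <account> <action> <path>'."""
    ts, account, action, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), account, action, path

def detect(lines, respond, threshold=THRESHOLD, window=WINDOW):
    """Call respond(account, when, count) once per account that crosses the threshold."""
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    tripped = {}                  # account -> time the response fired
    for ts, account, action, _path in map(parse, lines):
        if action not in WATCHED or account in tripped:
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            tripped[account] = ts
            respond(account, ts, len(q))
    return tripped

def sample_log():
    """Constructed events: svc_backup works slowly, jdoe rewrites 6 files in 5 s."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    slow = [f"{(base + timedelta(minutes=i)).isoformat()} svc_backup modify /share/b{i}.doc"
            for i in range(6)]
    burst = [f"{(base + timedelta(seconds=30 + i)).isoformat()} jdoe rename /share/case{i}.docx"
             for i in range(6)]
    return sorted(slow + burst)   # ISO timestamps sort chronologically

def disable_account(account, when, count):
    # Hypothetical response hook; a real one would call the directory or EDR API.
    print(f"{when.isoformat()} ALERT {account}: {count} file changes in window, disabling")

if __name__ == "__main__":
    detect(sample_log(), disable_account)
```

The steady backup account never trips the rule because its events age out of the window, while the burst from a single account fires the response once and is then suppressed to avoid repeated actions.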
Depending on the budget, firms may also want to look into AI/machine learning solutions, which can be used to identify normal usage patterns and produce alerts when these usage patterns change. Using third-party software to monitor user behavior will not only make it a lot easier and faster to identify anomalous events but will also put firms in a better position to satisfy the relevant compliance requirements, such as those imposed by the GDPR and CCPA.