Information on ongoing criminal cases or mergers and acquisitions are valuable to criminals interested in insider trading or subverting the course of justice, according to the NCSC’s ‘Cyber threat report: UK legal sector’, published last week.
Time pressures associated with transactions and the substantial sums being handled create attractive conditions for phishing attacks and email compromise. The high cost of disruption to legal practices, in terms of reputation, billable hours and costs to clients, make legal practices enticing to ransomware gangs looking to extort money in return for restoring IT services.
For example, a ransomware gang attacked Tuckers Solicitors in 2020, encrypting case data and back-ups and publishing data relating to 60 court cases on the dark web. Tuckers refused to pay the ransom, and worked with the police on their investigation.
The report emphasises that all law practices are under threat, whether barristers’ chambers, sole practitioners, larger firms or in-house legal department. It identifies who might attempt a cyber-attack, outlines different types of attack, offers advice on prevention, and explains what to do next.
Alex Bransome, chief information security officer at Doherty Associates, said the report ‘highlights that the digital landscape is a double-edged sword for the legal sector.
‘While technology unlocks unprecedented efficiencies, it is also exposing the sector to new, sophisticated threats. Law firms must integrate cyber security into the DNA of their operations, making it a priority from the boardroom to the intern’s desk. This begins with cultivating an informed and vigilant workforce, fostering an organisational culture that respects and understands cyber hygiene.
“It’s also about adopting best practice standards, leveraging resources like the NCSC’s guidance, and partnering with cyber security experts.’