Nation states and 'groups with a political or ideological agenda’ rank alongside organised criminals as potential perpetrators of cyber attacks on law firms, according to government computer security experts. A report by the National Cyber Security Centre, part of Government Communications HQ, says the cyber threat to the legal sector is ‘significant’, noting that 60% of law firms reported an information security incident in 2017.
Law firms are a particularly attractive target for cyber attack, the report states. They hold sensitive client information, handle significant funds and are a key enabler in business transactions. The risk may be greater for law firms that advise particularly sensitive clients or work in locations that are hostile to the UK, the report warns, without naming examples.
Meanwhile, 'Firms acting for organisations that engage in work of a controversial nature such as life sciences or the energy sector may also be targeted by groups with a political or ideological agenda.
The primary threat to the UK legal sector stems from cyber criminals with a financial motive. 'However, nation states are likely to play an increasingly significant role in cyber attacks at a global level, to gain strategic and economic advantage,’ the report warns. 'There has also been some growth in the hacktivist community targeting law firms to achieve political, economic or ideological ends.’
It also sounds a note of caution on technologically innovative firms, saying the move to offer legal services digitally will not only provide new opportunities but also further avenues for malicious cyber exploitation.
According to the guide the most significant current threats are phishing, data breaches, ransomware and supply chain compromises. It offers advice on how to defence practices against all four, stressing that information security is not just a matter for IT departments.
The Law Society is among the organisations contributing to the guide. Christina Blacklaws, president, said: 'As data controllers, law firms handle significant volumes of confidential and sensitive information and client monies as part of their daily work. It’s vital that we get a common view and understanding of cyber threats and their impact.
'The Law Society sees this report as a positive step to help our members spot vulnerabilities and put relevant safeguards and protections in place.’