The assessment comes from Lewis Slaney, writing from the website Threat Management. Slaney notes how legal practices process considerable volumes of sensitive and private information, which makes them a key target for cybercrime. He also notes that the number of attacks appears to be on the rise and that attacks are becoming more sophisticated.
Similar points are made by PwC. The business analysts see safeguarding intellectual property, financial information, and a legal firm’s reputation as paramount to any business strategy. PwC note that information and cybersecurity need to be placed very high non the agenda for the board meeting at any legal company.
In terms of the extent of risks, Legal Week have recently published a benchmark study titled ‘Locked Down?‘, in association with Stroz Friedberg. This survey showed how three quarters of employees in law firms with annual turnover above $500 million, think they are likely to be the subject of cyberattacks. The survey also showed that with a typical company, only 4 out of every 10 firms have undertaken a cyber risk assessment; however, with legal firms this figure drops to just 1 in 10.
Commenting on this report Russell Price, who is Chairman of the Continuity Forum (which looks at cyber risks and insurance), said: “as well as raising the profile of Cyber Risk across the legal profession this report points to the key activities that need to be addressed. Fundamental is a specific Cyber Risk Assessment to calculate threat and exposure within both the firm and their work for clients.”
This means that the legal sector needs to take action and put in place more mature security solutions. Here not only is the appropriate solution important, such as platforms that provide broad and deep visibility of the infrastructure, increases to personnel are also probably needed so that potential threats can be assessed. Assessment requires activities like risk prioritization, streamlined workflows and automation.
There are signs that some law firms are taking this seriously, such as with appointing chief information security officers. However, a review by Doherty Associates outlines the main risks facing law firms as ransomware; Distributed Denial of Service attacks, targeting servers; and legal fraud aimed as assuming false identities.
As well as needing to protect themselves, many legal firms are providing services for cybercrime victims, especially companies that have suffered data breaches. Such services include legal issues surrounding data protection, employment law, intellectual property, loss of confidential information; plus regulatory matters, insurance issues, health and safety concerns and matters of product liability. These are reflective of issues of privacy in the digital age.
