‘Prime targets for cybercriminals and other attackers’, report finds
The UK government’s intelligence, security, and cyber agency, GCHQ, has warned law firms of the risk associated with remote working when it comes to cyber security and staving attacks.
Since Covid-19, there has been an unprecedented shift towards remote working. In a report issued by GCHQ’s cyber defence arm, the National Cyber Security Centre (NCSC), this change is cited as a challenge for firms attempting to maintain secure working practices and protect client confidentiality.
The report, issued to law firms on Thursday, identifies Russia, Iran and North Korea as nation states that may use “criminal actors for state ends, operating to raise funds and cause disruption using criminal malware techniques”.
It suggests that the large amounts of money and confidential data that move between firms and their clients are a target for cybercriminals, highlighting the Solicitor Regulation Authority’s 2020 cyber security review which revealed 30 out of 40 law firms surveyed had been the target of a cyber attack.
Lindy Cameron, CEO of the NCSC, acknowledged that “firms are vulnerable in new ways due to changing patterns of work — accelerated in the Covid-19 pandemic — and the increasing sophistication of cyber attacks”. Cameron added the NCSC “welcomes the increased support and investment in cyber security we’re seeing across the sector”.
Law Society president Lubna Shuja commented:
“By taking proactive steps to address cyber threats, we can continue to protect the rule of law, ensure access to justice, and provide secure legal services that allow businesses, individuals, and the wider economy to thrive.”
Last year Legal Cheek reported a number of incidents involving cyber attacks on the legal sector. Tuckers Solicitors, a criminal law firm, was fined £98,000 after being the target of a 2020 ransomware attack which encrypted 972,191 individual files including court bundles, some of which were placed on the dark web.
In 2021, listed law firm Gateley revealed “some client data” was compromised in a cyber security attack on its IT system. Its share price dipped by 8% within an hour of the firm releasing a statement to the London Stock Exchange acknowledging the attack had accessed “0.2% of the company’s data”.