The legal sector will remain an attractive target for the full spectrum of threat actors; cyber-criminals, hacktivists, state-sponsored groups. Unsurprisingly, this is due to the wealth of sensitive data held within the industry; patent data, merger and acquisition information, negotiation information, protected witness information. The scope is vast and not limited to the above list. Legal firms are equivalent to a pot of gold for any of these groups.
For example, criminals might target you because (they hope) that you hold significant amounts of money in your accounts (both corporate and personal). Hacktivists might target you because of your work in a particular area of law or because of specific clients that you may represent. State-sponsored groups may target you to obtain sensitive merger and acquisition information, or compromise your website in order to target a refined element of your client base. The problem is not going away.
Cyber security is often seen as an inconvenience. A substantial cost that you will never see a return of investment for. However, this is changing. In a world where contracts are won and lost on the basis of very small margins, each differentiator counts. Information security and protection of client data is increasingly seen as a key differentiator.
The government sponsored Cyber Essentials scheme is a great avenue for this. It gives businesses the chance to obtain an accreditation against an assurance framework that seeks to mitigate the most common cyber threats. This accreditation will demonstrate to your customers that you have taken essential precautions in order to better protect their data; an attractive selling point. Context is an approved accreditor of this scheme.
Employee awareness is also essential. By giving employees an awareness of the cyber threat and practical tips for how to better protect themselves and the organisation; it can engender a real cooperative approach to security. Security is a shared responsibility across an organisation and by empowering staff with knowledge you are increasing your ability to detect a compromise quicker; whilst enriching your employees with new skills and information. Context offers threat awareness briefings to staff, which give a high level overview of the threat but also cover how employees might be impacted directly; for example by Ransomware or phishing/spear-phishing attacks.
The threat landscape is continually expanding and ever changing. Increasingly, we are seeing criminal groups targeting corporate entities as opposed to just speculatively targeting individuals for financial gain. The malware used in these attacks is increasingly becoming more sophisticated and covert. In part, this is due to the proliferation of sophisticated malware via underground forums. In addition, hackers for hire, a worrying development, allow nation states with limited capabilities in this area to rapidly acquire the tools to deploy cyber-attacks in order to obtain intellectual property and sensitive data. Unfortunately, law firms will be at the top of the list for these groups for all the reasons outlined at the start of this post. Stay ahead of the curve; seize the opportunity to be a leader within your sector; protect your clients and your interests whilst attracting some new business along the way.
Tom is a part of our Response team in Context's London office, please refer to the contact page to get in touch.