NCSC urges legal firms to strengthen their cyber defences
Above: To view the Cyber Threat to the Legal Sector report, click here .
The National Cyber Security Centre – which is part of GCHQ – has published its latest Cyber Threat to the Legal Sector report to highlight the potential threats to legal firms, from ransomware attacks by criminals to intellectual property theft by state actors.
The report, which updates a previous iteration from 2018, looks to help UK law practices of all sizes and types of law be more resilient to the main methods of attack.
It warns how the widespread adoption of hybrid working, accelerated during the COVID-19 pandemic, has increased the risks online and how sensitive information and the sums of money firms often handle can make them particularly attractive targets to attackers.
The report also contains case studies which emphasise the severe impacts that incidents can have; for example, conveyancing firm Simplify Group was left unable to process house moves for weeks after an attack, which is reported to have cost the company £6.8 million.
Another firm, Tuckers Solicitors LLP, had data relating to 60 court cases stolen and leaked on the dark web after it fell victim to a ransomware attack.
NCSC CEO Lindy Cameron said: “The UK legal sector carries out essential work to uphold our society; however, we know the sensitive data legal firms handle can make them attractive targets to online attackers.
“With the cyber landscape constantly evolving, the NCSC has produced an up-to-date picture of the latest threats facing the sector, alongside advice and guidance designed to ensure the sector can stay secure.
“I urge all legal practices to follow the guidance in this report and take full advantage of the NCSC’s tools that it recommends to help increase their cyber resilience.”
The report has been produced with input from a range of industry experts and stakeholders, including the Law Society, the Bar Council, the Solicitors Regulation Authority, Action Fraud, National Crime Agency and the NCSC’s Industry 100 partners.
The Bar Council CEO Malcom Cree said: "This new report is both welcome and important. It provides extensive advice, information, and assistance to equip the legal sector with a better understanding of the challenges we all face. The report enables us all to reflect on the many challenges and focus on building better cyber security resilience in the legal sector.”
The Law Society President Lubna Shuja said: “It is vitally important that solicitors and law firms, whether large or small, are aware of the cyber threats they face and take steps to safeguard their systems. This new report from NCSC is a timely intervention that will be an essential resource for our members, providing information, practical guidance, and tools to help the legal sector protect the sensitive data it holds against cyber attack.”
The NCSC has a range of guidance and tools that organisations can access to improve their cyber security resilience, including the NCSC’s Active Cyber Defence (ACD) programme or the Cyber Essentials programme to secure a baseline of cyber security protections.
Also, following a successful initial first year, smaller legal aid organisations can apply for free support with securing Cyber Essentials certification through the Funded Cyber Essentials Programme.