The Legal Sector & Cybersecurit
Benjamin Franklin once said “in this world, nothing is certain but death and taxes”. Almost 250 years on, one wonders whether cyberattacks would have been included in that quote had it been made following the advent of the digital revolution.
This article critically examines the recent cyberattack on a key IT service provider in the UK legal sector. It serves as a reminder of the vulnerabilities that exist within interconnected digital frameworks and highlights the operational difficulties cyberdisruption inevitably brings with it, particularly from a data security standpoint.
This piece advocates for a forward-thinking cybersecurity approach and calls for law firms to proactively fortify their cyberdefences, by identifying what cybercriminals already know about their infrastructure, and taking the appropriate steps to mitigate those risks.
Legal Firms & Their Service Provider Under Attack
Last week, a prominent managed service provider (MSP) for UK law firms fell victim to a debilitating cyberattack.
This incident, which unfolded with alarming speed, highlights the fragile nature of the digital infrastructure that underpins many providers of crucial legal services. The MSP, known for its specialised technological support to the legal sector, faced an unprecedented service outage.
This outage, triggered by a cyber-incident, brought with it significant operational disruptions for numerous law firms across the UK. The impact of this attack was not confined to the MSP but rippled through the legal sector, affecting the operations of many law firms and their clients.
As law firms and their technical support teams work to overcome the problems caused in the immediate aftermath of the incident, it clearly highlights the urgent need for robust cybersecurity resilience measures to be in place in the legal sector.
We are hereby exploring the details of this cyberattack and its broader implications, and urging firms to take a proactive stance to guard against evolving digital threats.
The Incident in More Details
The attack has caused major disruption, underscoring the vulnerability of digital infrastructures. After initially manifesting itself as a service outage last Wednesday, the incident rapidly evolved, severely impacting the operations of a significant number of law firms.
While full details of the attack are not yet clear, early indications suggest a serious threat to the security and confidentiality of sensitive legal data.
This cyber incident had a direct and tangible impact on property transactions, hindering the ability of numerous individuals to exchange contracts and complete house purchases. This highlights the often overlooked fact that cyber related disruption inevitably extends far beyond technical infrastructure and presents complex and immediate challenges to business as usual operations in today’s increasingly interconnected world.
This attack is a timely reminder of the need for heightened (and effective) cybersecurity vigilance and resilience, particularly in dynamic sectors handling time sensitive transactions.
Serious Implication for Law Firms and Others
The recent cyberattack not only disrupted the technical infrastructure, it also impacted the operational aspects of many UK law firms. While a temporary disruption in business as usual activities brings short term inconvenience, cyberdisruption has the potential to bring with it much further reaching consequences where a clients’ perception of trust and reliability in that firm is negatively impacted.
Law firms, as custodians of highly sensitive client information, are highly attractive targets for cybercriminals. In recent months, law firms have been actively targeted to obtain sensitive client data as they are perceived to have poorer cyberdefences than many of the clients they act for.
This most recent incident serves as a cautionary tale: it highlights the clear need for law firms to not only invest in robust cybersecurity infrastructure but also to cultivate a culture of cybersecurity awareness and preparedness. This includes having effective incident response plans, business continuity plans, employee training and regular audits in place and, most importantly of all, a proactive approach to identifying and mitigating potential cyber threats.
In an age where digital transactions are the norm, the security of digital infrastructure is not just a technical concern, but a cornerstone of operational integrity and client trust.
What About Risk and Vulnerabilities?
This cyberattack has brought into sharp focus the inherent risks and vulnerabilities associated with relying on managed service providers (MSPs) in the legal sector. MSP’s play a significant role in supporting law firms with their technology infrastructure.
However, this dependency also introduces certain risk factors.
- The UK National Cyber Security Centre (NCSC) has previously warned that the use of MSP services can increase the attack surface for organisations.
- MSPs, by virtue of managing resources for multiple clients, can become lucrative targets for cyber attackers.
- A successful breach of an MSP can lead to a domino effect, compromising the security of all its clients.
In the case, there is speculation around the exploitation of the CitrixBleed bug. This vulnerability, which has affected other firms in recent weeks, is a significant concern as it can allow attackers to access sensitive data and infiltrate networks.
The potential exploitation of such a vulnerability in this incident underscores the need for continuous vigilance and regular updates of security protocols by MSPs.
In turn, law firms must be proactive in understanding the security measures deployed by their MSPs, ensuring that they align with their own security requirements and are appropriate for the sensitivity of the legal data they handle.
The evolving nature of cyberthreats, including sophisticated exploits like the CitrixBleed bug, means that law firms and their MSPs must remain ever-vigilant, constantly updating and fortifying their cyber defences to guard against new and emerging vulnerabilities.
Predictive & Proactive Measures for Cybersecurity
In the rapidly evolving attack landscape, a proactive and predictive cybersecurity approach is essential.
Utilising advanced solutions that focus on threat prediction and detection capabilities allows organisations to anticipate and effectively counteract cyberthreats before they escalate.
Emphasising prevention, these technologies enable firms to identify vulnerabilities within their own infrastructure, compare those with the strategies deployed by cybercriminals, and take the appropriate steps to safeguard their IT infrastructure.
Preventing, Defending, Reacting: Keys to Security
Most businesses know of the more routine technical solutions that can be used to guard against cybercriminals.
Even the most hardened technophobe would be familiar with terms like anti-virus software and firewalls.
However, a surprising number of businesses don’t know about some of the more effective pro-active measures that can be used to test their environment to identify weaknesses so remedial action can be taken before those vulnerabilities are exploited by cybercriminals.
Cyber risk assessments are an excellent way of clearing identifying an organisations’ current security posture in order that threats can be anticipated and mitigated ahead of time, in line with industry best practice.
This “outside in” approach gives a “hacker’s view” of an organisation which is very helpful in identifying how to combat the risk presented by hackers.
Stefan Uygur, Chief Executive Officer at Dectar said:
“It’s only by knowing how hackers get into an organisation that effective steps can be taken to keep them out. Cyber risk assessments are the first step on that journey.
All too often, businesses only implement the appropriate safeguards after an incident has taken place, which is a great pity when effective solutions exist which could help prevent the incident from happening in the first place”.
Given the volume and sensitivity of information held by law firms, it is important that effective pro-active cybersecurity steps are taken to avoid the plethora of issues that are inevitably faced in the aftermath of a compromise.
What’s The Way Forward for Law Firms?
The recent cyberattack on a key IT provider in the legal sector serves as an urgent reminder to firms to reassess and strengthen their cybersecurity postures.
Law firms must not only fortify their technical defences but also embrace a culture of continuous improvement and vigilance in their efforts to keep cybercriminals out.
As we navigate an increasingly complex digital landscape and a threat landscape which evolves several times each day, the commitment to robust cybersecurity is not just a necessity but a fundamental responsibility for every law firm.
About The Authors:
Anton Angione is the Head of Emerging Technologies and Security at Dectar. He has over 20 years’ experience of advising clients on their pro-active cyber security posture.
Craig Kennedy is the Head of Cyber Risk at Nortal having previously been a Partner at the world’s largest law firm.