Briefing Mar19, Cybersupp cover art

LITL 2019 security special


Law firms explain what’s on the agenda for managing the risk of cyberattack


Cybersecurity was one of two new ‘priority risks’ to make the Solicitors Regulation Authority’s set of 10 in its 2018/2019 risk outlook. It is, of course, hardly a new risk. “But we recognise that this is of increasing concern to the profession, so we have set it out as a separate risk,” the SRA said in its foreword to this regular report.

The regulator itself received 157 reports of cybercrime back in 2017, up 52% on 2016 – and of course, the nature of attacks continues to evolve. In 2017, for example, it says that email fraud fell to an average of just under half (46%) of those crossing its path; in the first quarter of 2018 this had shot up to 71%. Email modification, or so-called ‘Friday afternoon’, fraud is the most common of the scams that hit law firms: criminals falsify emails from a supposed client (or the firm itself), leading to new bank details being handed over by one or the other. And of course, there are the likes of phishing/vishing activity and malware/ransomware – both of which were also singled out in the UK National Cyber Security Centre’s first report on the threat level facing the legal sector specifically in 2018.

 

PLACE YOUR THREATS


The number of law firms reporting information security incidents is on the up. In July 2018, the National Cyber Security Centre (NCSC), part of GCHQ, found that 60% of law firms had reported some form of information security incident in 2016–2017 – an increase of almost 20% on the previous 12 months. Richard Brent and Andrew Muir report on what, if anything, can be done. 

I NEED A CISO?


In Legal IT landscapes 2019, only 15% of law firm leaders reported that somebody with the specific title CISO is the most senior person responsible for information security in their firm (p9). At three-fifths of firms it is a CIO or IT director, and at a quarter of firms it’s somebody else entirely. Assessing and deciding exactly what needs to be done to prepare is perhaps the difference that a chief information security officer can make.

MINDSET THE GAP?


Dean Hill, executive director at Eze Castle Integration, says law firms are becoming increasingly knowledgeable about the range of cybersecurity attacks they could expect to see targeting their systems. Proper incident response continues to be business-critical – but certain actions can also reduce the likelihood of a successful attempt in the first place.
