Briefing Mar19, Cybersupp cover art

LITL 2019 security special

reports|

Law firms explain what’s on the agenda for managing the risk of cyberattack

GET YOUR COPY NOW

DOWNLOAD

INSIDE

WHO'S WHO THIS MONTH

Andy Sparkes, General manager, LexisNexis Enterprise Solutions
David Aird
IT director,
DAC Beachcroft

Research comment

Karen Jacks, Bird and Bird
Karen Jacks
IT director,
Bird & Bird

Research comment

previous arrow
next arrow
Slider

ISSUES IN BRIEF

Briefing Mar19, Cybersupp cover

Cybersecurity was one of two new ‘priority risks’ to make the Solicitors Regulation Authority’s set of 10 in its 2018/2019 risk outlook. It is, of course, hardly a new risk. “But we recognise that this is of increasing concern to the profession, so we have set it out as a separate risk,” the SRA said in its foreword to this regular report.

The regulator itself received 157 reports of cybercrime back in 2017, up 52% on 2016 – and of course, the nature of attacks continues to evolve. In 2017, for example, it says that email fraud fell to an average of just under half (46%) of those crossing its path; in the first quarter of 2018 this had shot up to 71%. Email modification, or so-called ‘Friday afternoon’, fraud is the most common of the scams that hit law firms, where criminals falsify emails from a supposed client, (or the firm itself) leading to new bank details being handed over by one or the other. And of course, there are the likes of phishing/vishing activity and malware/ransomware – both of which were also singled out in the UK National Cyber Security Centre’s first report on the threat level facing the legal sector specifically in 2018.

 

PLACE YOUR THREATS

Briefing Mar19, Cybersupp cyberhouse illu

The number of law firms reporting information security incidents is on the up. In July 2018, the National Cyber Security Centre (NCSC), part of GCHQ, found that 60% of law firms had reported some form of information security incident in 2016–2017 – an increase of almost 20% on the previous 12 months. Richard Brent and Andrew Muir report on what, if anything, can be done. 

I NEED A CISO?

Briefing Mar19, Cybersupp information security graph

In Legal IT landscapes 2019, only 15% of law firm leaders reported that somebody with the specific title CISO is the most senior person responsible for information security in their firm (p9). At three-fifths of firms it is a CIO or IT director, and at a quarter of firms it’s somebody else entirely. Assessing and deciding exactly what needs to be done to prepare is perhaps the difference that a chief information security officer can make.

MINDSET THE GAP?

Briefing Mar19, Cybersupp hoodie haker illu

Dean Hill, executive director at Eze Castle Integration, says law firms are becoming increasingly knowledgeable about the range of cybersecurity attacks they could expect to see targeting their systems. Proper incident response continues to be business-critical – but certain actions can also reduce the likelihood of a successful attempt in the first place.

Briefing Mar19, Risk supp cover
supplements

A world of risk

Uncertainty is on the horizon. How is business preparing for the unknown?
BRIEFING LEADERS MBD 2019 cover
reports

Marketing and BD leaders 2019

Where is legal drawing its marketing and BD leaders from now?